| Vulnerability Name: | CVE-2018-11894 (CCN-150158) | ||||||||||||
| Assigned: | 2018-09-04 | ||||||||||||
| Published: | 2018-09-04 | ||||||||||||
| Updated: | 2019-04-18 | ||||||||||||
| Summary: | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-190 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: CCN Type: Google Web site Android Source: MITRE Type: CNA CVE-2018-11894 Source: BID Type: Third Party Advisory, VDB Entry 107770 Source: XF Type: UNKNOWN codeaurora-cve201811894-bo(150158) Source: CONFIRM Type: Patch, Third Party Advisory https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e60c5608f843ec106a98a98b33de0c3be070d557 Source: CCN Type: Code Aurora Security Bulletin September 2018 Code Aurora Source: CONFIRM Type: Patch, Third Party Advisory https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||