| Vulnerability Name: | CVE-2018-11906 (CCN-153344) | ||||||||||||
| Assigned: | 2018-11-05 | ||||||||||||
| Published: | 2018-11-05 | ||||||||||||
| Updated: | 2019-10-03 | ||||||||||||
| Summary: | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-276 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-11906 Source: XF Type: UNKNOWN codeaurora-cve201811906-sec-bypass(153344) Source: CONFIRM Type: Patch, Third Party Advisory https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=1dffcbf6fea3667a9a19dad70ddba12eff5ccbfb Source: CONFIRM Type: Patch, Third Party Advisory https://source.codeaurora.org/quic/le/qti-conf/commit/?id=0eeb4558d541fac40b486a224eb6c601b64115a1 Source: CONFIRM Type: Patch, Third Party Advisory https://source.codeaurora.org/quic/le/qti-conf/commit/?id=fba5fe2ff19998db42acd4c39a6b02246e13bee0 Source: CCN Type: Code Aurora Security Bulletin November 2018 Code Aurora Source: CONFIRM Type: Patch, Third Party Advisory https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||