| Vulnerability Name: | CVE-2018-11987 (CCN-154593) | ||||||||||||
| Assigned: | 2018-12-03 | ||||||||||||
| Published: | 2018-12-03 | ||||||||||||
| Updated: | 2019-01-09 | ||||||||||||
| Summary: | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-415 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-11987 Source: XF Type: UNKNOWN codeaurora-cve201811987-dos(154593) Source: CCN Type: Code Aurora Security Bulletin December 2018 Code Aurora Source: CONFIRM Type: Patch, Third Party Advisory https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||