Vulnerability Name: | CVE-2018-5897 (CCN-145995) | ||||||||||||
Assigned: | 2018-06-05 | ||||||||||||
Published: | 2018-06-05 | ||||||||||||
Updated: | 2019-10-03 | ||||||||||||
Summary: | While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | ||||||||||||
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-125 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: CCN Type: Google Web site Android Source: MITRE Type: CNA CVE-2018-5897 Source: XF Type: UNKNOWN android-cve20185897-info-disc(145995) Source: CCN Type: Android Open Source Project Pixel?/?Nexus Security BulletinJune 2018 Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components Source: CCN Type: Qualcomm Web site Qualcomm | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||||||
BACK |