QualcommCVE-2018-11919CVE-2018-11919
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
25.1%
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure.
Affected configurations
References
source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=085e7272b4c5a41b1ab26c683591864aefab14fe
source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=87925782e640efb493f21bf0e255b6a638eea334
source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=456a408d62cef797107e3b0de7d05bb211742bbd
www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
25.1%