CVE-2018-11262 Information

Description

In Android for MSM Firefox OS for MSM and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check there could be possibility where the ‘TotalPart’ could cross ‘GptHeader-MaxPtCnt’ and which could result in OOB write in patching GPT.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/106949 https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42 https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8