CVE-2018-11263 Information

Description

In all Android releases (Android for MSM Firefox OS for MSM QRD Android) from CAF using the Linux kernel radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum an OOB write will occur. On supported Google Pixel and Nexus devices this has been addressed in security patch level 2018-08-05.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://source.android.com/security/bulletin/pixel/2018-08-01 https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8