Description
A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041432
Patch, Third Party Advisory x_refsource_confirm
https://www.codeaurora.org/security-bulletin/2018/10/01/october-2018-code-aurora-security-bulletin
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
6.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-125
Status
published
Products (1)
google/android
Published
Oct 29, 2018
Tracked Since
Feb 18, 2026