CVE-2018-11262

HIGH

Google Android - Out-of-Bounds Write

Title source: rule

Description

In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT.

References (3)

[Patch, Third Party Advisory] https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106949

[Patch, Third Party Advisory] https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 9.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-682 CWE-787

Status published

Products (1)

google/android

Published Sep 04, 2018

Tracked Since Feb 18, 2026