CVE-2018-11262

HIGH

Google Android - Out-of-Bounds Write

Title source: rule

Description

In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106949

[Patch, Third Party Advisory] https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42

[Patch, Third Party Advisory] https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 8.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-682 CWE-787

Status published

Affected Products (1)

google/android

Timeline

Published Sep 04, 2018

Tracked Since Feb 18, 2026