CVE-2018-11263
HIGH
Android - Out-of-Bounds Write via Radio Stats Buffer Access
Description
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the firmware (FW) and is used to index the buffer into which the radio stats received from the FW for each radio are copied. If the radio_id received from the FW is greater than or equal to the maximum, an out-of-bounds (OOB) write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05.
References (3)
Patch, Third Party Advisory x_refsource_confirm
https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
Patch, Third Party Advisory x_refsource_confirm
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/pixel/2018-08-01
Scores
CVSS v3: 8.8
EPSS: 0.0047
EPSS Percentile: 37.1%
Attack Vector: ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-129
Status: published
Products (1): google/android
Published: Sep 06, 2018
Tracked Since: Feb 18, 2026