CVE-2018-11266

HIGH

Android - Use-After-Free via Improper Input Validation in DCI Client

Title source: llm
STIX 2.1

Description

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client entries while closing dci client.

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 9.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
google/android
Published Nov 27, 2018
Tracked Since Feb 18, 2026