CVE-2018-11266
HIGHAndroid - Use-After-Free via Improper Input Validation in DCI Client
Title source: llmDescription
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper input validation can lead to an improper access to already freed up dci client entries while closing dci client.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
Patch, Third Party Advisory x_refsource_confirm
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8e5749b17c2024af317f06e08aae455af9b79bd0
Patch, Third Party Advisory x_refsource_confirm
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=21dd238ad58362877e341d905bea1c7cf273f19a
Scores
CVSS v3
7.8
EPSS
0.0019
EPSS Percentile
9.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
google/android
Published
Nov 27, 2018
Tracked Since
Feb 18, 2026