CVE-2018-11275
MEDIUMAndroid - Exposure of Sensitive Information via FastbootLib Image Flashing
Title source: llmDescription
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=bf0261ab128f28763258c620bc95ca379a286b59
Patch, Third Party Advisory x_refsource_confirm
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106949
Scores
CVSS v3
5.5
EPSS
0.0019
EPSS Percentile
8.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
google/android
Published
Sep 18, 2018
Tracked Since
Feb 18, 2026