CVE-2018-11276

HIGH

Google Android - Double Free

Title source: rule

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe.

References (3)

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components

[Patch, Third Party Advisory] https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=83a44ca6057bf9c1e36515cded28edc32a4a1501

[Patch, Third Party Advisory] https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 7.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

google/android

Timeline

Published Sep 18, 2018

Tracked Since Feb 18, 2026