CVE-2018-11294

HIGH

Android - Improper Input Validation in WLAN Handler Indication

Title source: llm
STIX 2.1

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information only the first 3 AC information is copied due to the improper conditional logic used to compare with the max number of categories.

References (3)

Core 3

Scores

CVSS v3 8.0
EPSS 0.0033
EPSS Percentile 25.1%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
google/android
Published Sep 18, 2018
Tracked Since Feb 18, 2026