CVE-2018-11298

HIGH

Android - Buffer Overflow in HDD Passpoint Realm String Handling

Title source: llm
STIX 2.1

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command.

Scores

CVSS v3 7.8
EPSS 0.0020
EPSS Percentile 10.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
google/android
Published Sep 18, 2018
Tracked Since Feb 18, 2026