CVE-2018-11889

HIGH

Android - Use-After-Free in WLAN RSSI Timeout Handling

Title source: llm
STIX 2.1

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local variable 'context' stack data of wlan function is free.

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0020
EPSS Percentile 10.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
google/android
Published Sep 19, 2018
Tracked Since Feb 18, 2026