CVE-2018-11893

HIGH

Google Android - Buffer Overflow in Vendor Scan Request Processing

Title source: llm
STIX 2.1

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing vendor scan request, when input argument - length of request IEs is greater than maximum can lead to a buffer overflow.

Scores

CVSS v3 7.8
EPSS 0.0018
EPSS Percentile 8.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
google/android
Published Sep 19, 2018
Tracked Since Feb 18, 2026