CVE-2018-11918

HIGH

Android - Use After Free

Title source: llm

Description

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code.

References (2)

[Patch, Third Party Advisory] https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=5ca16318bf1a409e9e5c169dc5b7f0821e5323d7

[Patch, Third Party Advisory] https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

google/android

Timeline

Published Nov 27, 2018

Tracked Since Feb 18, 2026