CVE-2018-11961

HIGH

Android - Memory Corruption in GNSS Configuration Update

Title source: llm
STIX 2.1

Description

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106136

Scores

CVSS v3 7.8
EPSS 0.0018
EPSS Percentile 7.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
google/android
Published Dec 20, 2018
Tracked Since Feb 18, 2026