CVE-2018-11985
HIGHAndroid - Integer Overflow to Heap Buffer Overflow in Memory Allocation
Title source: llmDescription
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_confirm
https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin
Scores
CVSS v3
7.8
EPSS
0.0016
EPSS Percentile
5.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (1)
google/android
Published
Dec 20, 2018
Tracked Since
Feb 18, 2026