CVE-2018-11987

HIGH

Android - Memory Corruption

Title source: llm

Description

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.

References (1)

[Patch, Third Party Advisory] https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 10.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

google/android

Timeline

Published Dec 20, 2018

Tracked Since Feb 18, 2026