CVE-2018-12006

MEDIUM

Android - Unauthorized Data Access via Uninitialized Display Padding

Title source: llm
STIX 2.1

Description

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.

References (1)

Core 1
Core References

Scores

CVSS v3 5.5
EPSS 0.0014
EPSS Percentile 3.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
google/android
Published Feb 11, 2019
Tracked Since Feb 18, 2026