CVE-2018-12014

HIGH

Android - Null Pointer Dereference in NAT Module

Title source: llm
STIX 2.1

Description

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106496

Scores

CVSS v3 7.8
EPSS 0.0018
EPSS Percentile 8.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416 CWE-476
Status published
Products (1)
google/android
Published Feb 11, 2019
Tracked Since Feb 18, 2026