CVE-2018-3574

MEDIUM

Android - Improper Input Validation in ION Cache Maintenance

Title source: llm
STIX 2.1

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.

Scores

CVSS v3 5.5
EPSS 0.0027
EPSS Percentile 19.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
google/android
Published Sep 19, 2018
Tracked Since Feb 18, 2026