CVE-2018-5841
HIGHAndroid - Insecure Default Resource Initialization in dcc_curr_list
Title source: llmDescription
dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
References (2)
Core 2
Core References
Patch, Vendor Advisory
https://source.android.com/security/bulletin/2018-05-01
Patch, Third Party Advisory x_refsource_misc
https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2
Scores
CVSS v3
7.8
EPSS
0.0039
EPSS Percentile
30.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-1188
Status
published
Products (1)
google/android
Published
Jun 06, 2018
Tracked Since
Feb 18, 2026