CVE-2018-5841

HIGH

Android - Info Disclosure

Title source: llm

Description

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

References (2)

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2018-05-01

[Patch, Third Party Advisory] https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2

Scores

CVSS v3 7.8

EPSS 0.0009

EPSS Percentile 24.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (1)

google/android

Published Jun 06, 2018

Tracked Since Feb 18, 2026