Description
Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.
References (3)
Core 3
Core References
Patch x_refsource_confirm
https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
Patch x_refsource_confirm
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=36400a7fa3753028a3bf89a9cdb28c5e25693c59
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/pixel/2018-07-01
Scores
CVSS v3
7.0
EPSS
0.0013
EPSS Percentile
2.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
CWE-416
Status
published
Products (1)
google/android
Published
Jul 06, 2018
Tracked Since
Feb 18, 2026