CVE-2018-5861

HIGH

Android - Heap Overwrite

Title source: llm

Description

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader.

References (2)

[Patch, Third Party Advisory] https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=114a392e29bc900c0fe15cc1f3e9ba369cd03244

[Patch, Third Party Advisory] https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 5.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-704

Status published

Products (1)

google/android

Published Nov 27, 2018

Tracked Since Feb 18, 2026