CVE-2018-5848

Current Description

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Basic Data

PublishedJune 12, 2018
Last ModifiedMay 02, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score4.6
SeverityMEDIUM
Exploitability Score3.9
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack VectorLOCAL
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredLOW
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactHIGH
CVSS 3 - Integrity ImpactHIGH
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score7.8
CVSS 3 - Base SeverityHIGH
Exploitability Score1.8
Base SeverityHIGH

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSGoogleAndroid-*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRedhatVirtualization Host4.0*******
    2.3OSRedhatEnterprise Linux Desktop7.0*******
    2.3OSRedhatEnterprise Linux Server7.0*******
    2.3OSRedhatEnterprise Linux Workstation7.0*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSDebianDebian Linux8.0*******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 8.0
Redhat Enterprise Linux Workstation 7.0
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
Google Android -

References

NameSourceURLTags
RHSA-2018:2948https://access.redhat.com/errata/RHSA-2018:2948REDHATThird Party Advisory
RHSA-2018:3083https://access.redhat.com/errata/RHSA-2018:3083REDHATThird Party Advisory
RHSA-2018:3096https://access.redhat.com/errata/RHSA-2018:3096REDHATThird Party Advisory
[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security updatehttps://lists.debian.org/debian-lts-announce/2019/03/msg00017.htmlMLISTMailing List Third Party Advisory
[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security updatehttps://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlMLISTMailing List Third Party Advisory
[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression updatehttps://lists.debian.org/debian-lts-announce/2019/04/msg00004.htmlMLISTMailing List Third Party Advisory
MISChttps://source.android.com/security/bulletin/pixel/2018-05-01MISCVendor Advisory
https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2MISCPatch Third Party Advisory