In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107770 | |
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a3d53bb977b907a5d11d22cad3f8ebf3f1d2b1ed | Patch Third Party Advisory |
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin | Patch Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-09-18 18:29
Updated : 2023-12-10 12:44
NVD link : CVE-2018-11840
Mitre link : CVE-2018-11840
CVE.ORG link : CVE-2018-11840
JSON object : View
Products Affected
- android
CWE
CWE-415
Double Free