CVE-2018-11898

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://source.android.com/security/bulletin/2018-09-01#qualcomm-components	Patch Vendor Advisory
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dc657f502adb3038784b7488d2f183ed31b6aac3	Patch Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-09-19 14:29

Updated : 2023-12-10 12:44

NVD link : CVE-2018-11898

Mitre link : CVE-2018-11898

CVE.ORG link : CVE-2018-11898

JSON object : View

Products Affected

google

android

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2018-11898", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-09-19T14:29:01.553", "references": [{"url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components", "tags": ["Patch", "Vendor Advisory"], "source": "product-security@qualcomm.com"}, {"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dc657f502adb3038784b7488d2f183ed31b6aac3", "tags": ["Patch", "Third Party Advisory"], "source": "product-security@qualcomm.com"}, {"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", "tags": ["Patch", "Third Party Advisory"], "source": "product-security@qualcomm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum."}, {"lang": "es", "value": "En Android for MSM, Firefox OS for MSM, QRD Android, con todas las distribuciones de Android de CAF que utilizan el kernel de Linux, cuando se procesan las peticiones start bss de la capa superior, puede ocurrir una lectura fuera de l\u00edmites si la longitud ssid es mayor que el m\u00e1ximo."}], "lastModified": "2018-11-09T16:22:11.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@qualcomm.com"}