In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur.
References
Link | Resource |
---|---|
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin | Patch Third Party Advisory |
https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=bd3627dae5f1a34e0284cfe167f61273ecc2f386 | Patch Third Party Advisory |
http://www.securityfocus.com/bid/106949 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2018-09-18 11:29
Updated : 2019-03-05 05:33
NVD link : CVE-2018-11280
Mitre link : CVE-2018-11280
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
- android