In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command.
References
Link | Resource |
---|---|
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin | Patch Third Party Advisory |
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9074c6cfb9c0bbfe279394eec0d3176c4f75ce80 | Patch Third Party Advisory |
https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components | Patch Vendor Advisory |
Configurations
Information
Published : 2018-09-18 11:29
Updated : 2018-11-09 09:36
NVD link : CVE-2018-11298
Mitre link : CVE-2018-11298
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
- android