QwikSec

Security Database

CVE

CWE

Training

CVE-2018-3574

Published: Sep 19, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.

Vendor	Product	Versions
Qualcomm, Inc.	Android for MSM, Firefox OS for MSM, QRD Android	affected `All Android releases from CAF using the Linux kernel`

References

https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

x_refsource_CONFIRM

https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000049462

x_refsource_CONFIRM

https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=09874396dfbf546e5a628d810fcf5ea51a4d5785

x_refsource_CONFIRM

https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=53261410da625aaa2e070555aaa150a8533e5be4

x_refsource_CONFIRM

https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=3286b75d91519073d2f20bee85f22e294d5f1a18

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.