QwikSec

Security Database

CVE

CWE

Training

CVE-2018-5848

Published: Jun 12, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vendor	Product	Versions
Qualcomm, Inc.	Android for MSM, Firefox OS for MSM, QRD Android	affected `All Android releases from CAF using the Linux kernel`

References

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.