CVE-2018-5848

Published: Jun 12, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Affected (6)

Products: Google: Android · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation, Virtualization Host · Debian: Debian Linux

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Virtualization Host

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Virtualization Host	Version 4.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (15)

https://access.redhat.com/errata/RHSA-2018:2948

Source: product-security@qualcomm.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3083

Source: product-security@qualcomm.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3096

Source: product-security@qualcomm.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

Source: product-security@qualcomm.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

Source: product-security@qualcomm.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

Source: product-security@qualcomm.com

Mailing ListThird Party Advisory

https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2

Source: product-security@qualcomm.com

PatchThird Party Advisory

https://source.android.com/security/bulletin/pixel/2018-05-01

Source: nvd@nist.gov

Vendor Advisory

https://access.redhat.com/errata/RHSA-2018:2948

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3083

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3096

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.