CVE-2018-11262
N/A
N/A
Summary
In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Qualcomm, Inc. | Android for MSM, Firefox OS for MSM, QRD Android | All Android releases from CAF using the Linux kernel | affected |
Weaknesses
- Incorrect Calculation of Buffer Size in Boot
ADP Enrichment
CVE Program Container
Additional References
- https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
- http://www.securityfocus.com/bid/106949
- https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42
References
- https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin
- http://www.securityfocus.com/bid/106949
- https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.