CVE-2018-11278
N/A
N/A
Summary
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Qualcomm, Inc. | Android for MSM, Firefox OS for MSM, QRD Android | All Android releases from CAF using the Linux kernel | affected |
Weaknesses
- Buffer Over-read in Video
ADP Enrichment
CVE Program Container
Additional References
- https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=6c7dbdb2f067bf844beef2c41d9d67cacc3adfa6
- https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin
References
- https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=6c7dbdb2f067bf844beef2c41d9d67cacc3adfa6
- https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.