CVE-2018-11904

Summary

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Android for MSM, Firefox OS for MSM, QRD AndroidAll Android releases from CAF using the Linux kernelaffected

Weaknesses

  • Return of Stack Variable Address in WLAN

ADP Enrichment

CVE Program Container

Additional References

References