Vulnerability Description
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | - |
Related Weaknesses (CWE)
References
- https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-componentPatchVendor Advisory
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b211b051d7ca226PatchThird Party Advisory
- https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-auroPatchThird Party Advisory
- https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-componentPatchVendor Advisory
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b211b051d7ca226PatchThird Party Advisory
- https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-auroPatchThird Party Advisory
FAQ
What is CVE-2018-11265?
CVE-2018-11265 is a vulnerability with a CVSS score of 7.8 (HIGH). In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function,...
How severe is CVE-2018-11265?
CVE-2018-11265 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11265?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.