Vulnerability Description
Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | - |
Related Weaknesses (CWE)
References
- https://source.android.com/security/bulletin/pixel/2018-07-01PatchVendor Advisory
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=36400a7fa375302Patch
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-sePatch
- https://source.android.com/security/bulletin/pixel/2018-07-01PatchVendor Advisory
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=36400a7fa375302Patch
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-sePatch
FAQ
What is CVE-2018-5859?
CVE-2018-5859 is a vulnerability with a CVSS score of 7.0 (HIGH). Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use ...
How severe is CVE-2018-5859?
CVE-2018-5859 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5859?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.