Vulnerability Description
While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | - |
Related Weaknesses (CWE)
References
- https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-componentPatchVendor Advisory
- https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271Patch
- https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-componentPatchVendor Advisory
- https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271Patch
FAQ
What is CVE-2018-5887?
CVE-2018-5887 is a vulnerability with a CVSS score of 7.8 (HIGH). While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before...
How severe is CVE-2018-5887?
CVE-2018-5887 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5887?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.