Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-5845 |
CWE-ID | CWE-362 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Google Android Operating systems & Components / Operating system |
Vendor |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU37080
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5845
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: All versions
CPE2.3http://source.android.com/security/bulletin/2018-05-01
http://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.