Vulnerability identifier: #VU36637
Vulnerability risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Google Android
Operating systems & Components /
Operating system
Vendor: Google
Description
The vulnerability allows a local authenticated user to execute arbitrary code.
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the frame.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Google Android:
External links
http://www.securityfocus.com/bid/107770
http://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3dfe93028c0c6564db7aa4607a85413195925aa4
http://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.