SB2018091828 - Out-of-bounds read in Google, Google Android




Published: September 18, 2018 Updated: August 8, 2020

Security Bulletin ID: SB2018091828
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Out-of-bounds read (CVE-ID: CVE-2018-11278)

The vulnerability allows a local authenticated user to cause a denial of service.

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the Venus hardware searches for a start code when decoding input bitstream buffers. If no start code is found in the entire buffer, the hardware over-fetches beyond the allocation length, which leads to a page fault.
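
The failure mode described above, shown as an added example in C (not vendor or CAF code): a software start-code search that stops at the filled length, plus a hypothetical check a caller could run before submitting a buffer to a decoder. The 00 00 01 pattern (Annex B style), the names find_start_code and validate_input_buffer, and the sample buffers are assumptions; the bulletin does not name the codec or describe the vendor's fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample inputs (not taken from any real bitstream). */
static const uint8_t sample_ok[]   = {0xAA, 0xBB, 0x00, 0x00, 0x01, 0x65};
static const uint8_t sample_none[] = {0x00, 0x00, 0x02, 0x00, 0x00, 0x00};

/* Return the offset of the first 3-byte start code (00 00 01, assumed)
 * in buf[0..filled), or -1 if there is none. The loop condition keeps
 * every read below buf + filled, so a buffer with no start code ends
 * the search instead of running past the allocation. */
long find_start_code(const uint8_t *buf, size_t filled)
{
    if (buf == NULL || filled < 3)
        return -1;
    for (size_t i = 0; i + 3 <= filled; i++) {
        if (buf[i] == 0x00 && buf[i + 1] == 0x00 && buf[i + 2] == 0x01)
            return (long)i;
    }
    return -1;
}

/* Hypothetical pre-submit check: accept a buffer only if the filled
 * length fits the allocation and a start code lies inside it. */
int validate_input_buffer(const uint8_t *buf, size_t alloc_len, size_t filled)
{
    if (filled > alloc_len)
        return 0;
    return find_start_code(buf, filled) >= 0;
}

int main(void)
{
    printf("start code at %ld\n", find_start_code(sample_ok, sizeof sample_ok));
    /* Start code straddles the end of the filled region: must not match. */
    printf("truncated: %ld\n", find_start_code(sample_ok, 4));
    printf("no start code accepted: %d\n",
           validate_input_buffer(sample_none, sizeof sample_none,
                                 sizeof sample_none));
    return 0;
}
```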


Remediation

Install the update from the vendor's website.