Main Vulnerability Database SB2018091847

SB2018091847 - Double Free in Google, Google Android

Published: September 18, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018091847

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Double Free (CVE-ID: CVE-2018-11840)

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice.

Remediation

Install update from vendor's website.

References

http://www.securityfocus.com/bid/107770
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a3d53bb977b907a5d11d22cad3f8ebf3f1d2b1ed
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin