SB2019021124 - NULL pointer dereference in Google, Google Android
Published: February 11, 2019 Updated: August 8, 2020
Security Bulletin ID
SB2019021124
Severity
Medium
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2018-12014)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer. A remote attacker can perform a denial of service (DoS) attack.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.