CVE-2018-13893
Vulnerability from cvelistv5
Published
2019-02-11 15:00
Modified
2024-08-05 09:14
Severity
Summary
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.
References
| Source | URL | Tags |
|---|---|---|
| product-security@qualcomm.com | https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin | Patch, Third Party Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:14:47.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android for MSM, Firefox OS for MSM, QRD Android",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "All Android releases from CAF using the Linux kernel"
}
]
}
],
"datePublic": "2019-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted Pointer Dereference in DIAG Services",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-11T14:57:01",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-13893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference in DIAG Services"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-13893",
"datePublished": "2019-02-11T15:00:00",
"dateReserved": "2018-07-11T00:00:00",
"dateUpdated": "2024-08-05T09:14:47.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-13893\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2019-02-11T15:29:00.817\",\"lastModified\":\"2019-02-12T15:04:42.633\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.\"},{\"lang\":\"es\",\"value\":\"En todas las distribuciones de Android (Android for MSM, Firefox OS para MSM y QRD Android) de CAF que utilizan el kernel de Linux, se produc\u00eda un acceso de rango de m\u00e1scara fuera de l\u00edmites provocado por el uso de un posible valor antiguo de conteo de la tabla de m\u00e1scaras msg al copiar m\u00e1scaras al espacio de usuario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.6},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}],\"references\":[{\"url\":\"https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
Loading...