cve-2018-5887
Vulnerability from cvelistv5
Published
2018-07-06 17:00
Modified
2024-09-16 17:32
Severity
Summary
While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:47:55.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android for MSM, Firefox OS for MSM, QRD Android", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "All Android releases from CAF using the Linux kernel" } ] } ], "datePublic": "2018-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Validation of Array Index in Boot", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-06T16:57:01", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@qualcomm.com", "DATE_PUBLIC": "2018-06-05T00:00:00", "ID": "CVE-2018-5887", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", "version": { "version_data": [ { "version_value": "All Android releases from CAF using the Linux kernel" } ] } } ] }, "vendor_name": "Qualcomm, Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Validation of Array Index in Boot" } ] } ] }, "references": { "reference_data": [ { "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1", "refsource": "CONFIRM", "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1" }, { "name": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" } ] } } } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2018-5887", "datePublished": "2018-07-06T17:00:00Z", "dateReserved": "2018-01-19T00:00:00", "dateUpdated": "2024-09-16T17:32:43.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-5887\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2018-07-06T17:29:01.897\",\"lastModified\":\"2018-08-27T18:09:16.753\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.\"},{\"lang\":\"es\",\"value\":\"Al procesar el array USB StrSerialDescriptor, puede ocurrir una indexaci\u00f3n de arrays fuera de l\u00edmites en las distribuciones de Android de CAF (Android for MSM, Firefox OS for MSM y QRD Android) que utilizan el kernel de Linux antes del parche de seguridad de nivel del 05/06/2018.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.6},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}],\"references\":[{\"url\":\"https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8415f6f2271008aef5056689950236df627d9b1\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Patch\"]}]}}" } }
Loading...