ghsa-jjwv-9v54-84jw
Vulnerability from github
Published
2022-05-14 02:00
Modified
2022-05-14 02:00
Severity
Details
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.
{ "affected": [], "aliases": [ "CVE-2018-11278" ], "database_specific": { "cwe_ids": [ "CWE-125" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-09-18T18:29:00Z", "severity": "HIGH" }, "details": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.", "id": "GHSA-jjwv-9v54-84jw", "modified": "2022-05-14T02:00:09Z", "published": "2022-05-14T02:00:09Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11278" }, { "type": "WEB", "url": "https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=6c7dbdb2f067bf844beef2c41d9d67cacc3adfa6" }, { "type": "WEB", "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "type": "CVSS_V3" } ] }
Loading...