Out-of-Bounds Access in Android GNSS Configurations by Qualcomm
CVE-2018-11961

7.8HIGH

Key Information:

Vendor
Qualcomm
Vendor
CVE Published:
20 December 2018

Summary

A vulnerability exists in the Android operating system across multiple releases that utilize the Qualcomm-based Linux kernel. This flaw allows an attacker to potentially access an out-of-bounds vector index when certain GNSS (Global Navigation Satellite System) configurations are updated. This can lead to unexpected behavior and may compromise device integrity or access sensitive data.

Affected Version(s)

Android for MSM, Firefox OS for MSM, QRD Android All Android releases from CAF using the Linux kernel

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.