Use After Free and Out-of-Bounds Access in Android DIAG Driver
CVE-2018-11984

7.8HIGH

Key Information:

Vendor: Qualcomm
Status: Android For Msm, Firefox Os For Msm, Qrd Android
Vendor: CVE Published:; 20 December 2018

What is CVE-2018-11984?

A use after free condition and an out-of-bounds access vulnerability exists in the DIAG driver for all Android releases utilizing the CAF framework and Linux kernel. This flaw can potentially allow an attacker to execute arbitrary code or disrupt normal system functionality, emphasizing the need for immediate attention to ensure system integrity and security.

Affected Version(s)

Android for MSM, Firefox OS for MSM, QRD Android All Android releases from CAF using the Linux kernel

References

https://www.codeaurora.org/security-bulletin/2018/12/03/d...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2018
Vulnerability Reserved
Jun 7, 2018

Qualcomm

What is CVE-2018-11984?

Affected Version(s)

References

CVSS V3.1

Timeline