Untrusted Pointer Dereference Vulnerability in Android Releases by Qualcomm
CVE-2018-11988

7.8HIGH

Key Information:

Vendor
Qualcomm
Vendor
CVE Published:
20 December 2018

Summary

An untrusted pointer dereference vulnerability exists within multiple Android releases by Qualcomm. This issue arises when a variable that has already been freed is accessed, potentially leading to software vulnerabilities and system instability. The affected products include Android for MSM, Firefox OS for MSM, and QRD Android, emphasizing the need for users to deploy security updates to mitigate associated risks. Developers and users should prioritize this patch to enhance system security and stability.

Affected Version(s)

Android for MSM, Firefox OS for MSM, QRD Android All Android releases from CAF using the Linux kernel

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.