Out-of-Bounds Write Vulnerability in GPT Partitioning on Android for MSM, Firefox OS for MSM, and QRD Android

Out-of-Bounds Write Vulnerability in GPT Partitioning on Android for MSM, Firefox OS for MSM, and QRD Android

CVE-2018-11262 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.