Automatic Memory Release Vulnerability in CAF Android Releases

Automatic Memory Release Vulnerability in CAF Android Releases

CVE-2018-11270 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.