Venus HW Buffer Over-fetch Vulnerability

Venus HW Buffer Over-fetch Vulnerability

CVE-2018-11278 · MEDIUM Severity

AV:L/AC:L/AU:N/C:C/I:N/A:C

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.