Use After Free Vulnerability in CAF Android Releases
CVE-2018-11281 · HIGH Severity
AV:L/AC:L/AU:N/C:C/I:C/A:C
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur.
Learn more about our Cis Benchmark Audit For Distribution Independent Linux.