Buffer Over-read Vulnerability in Android Releases from CAF

Buffer Over-read Vulnerability in Android Releases from CAF

CVE-2018-11293 · LOW Severity

AV:A/AC:L/AU:N/C:P/I:N/A:N

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.