Buffer Overflow Vulnerability in SET_PASSPOINT_LIST Command in Android Releases

Buffer Overflow Vulnerability in SET_PASSPOINT_LIST Command in Android Releases

CVE-2018-11298 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.