Improper Access Control in CAF Android Releases: Potential Device Node and Executable Execution Vulnerability

Improper Access Control in CAF Android Releases: Potential Device Node and Executable Execution Vulnerability

CVE-2018-11909 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential issue.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.