Out-of-Bounds Access Vulnerability in wma_nan_rsp_event_handler() in Android Releases

Out-of-Bounds Access Vulnerability in wma_nan_rsp_event_handler() in Android Releases

CVE-2018-5836 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.