Integer Underflow Vulnerability in csr_update_fils_params_rso() Function

Integer Underflow Vulnerability in csr_update_fils_params_rso() Function

CVE-2018-5850 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.