CVE-2018-5850

Severity CVSS v4.0:
Pending analysis
Type:
CWE-191 Integer Underflow (Wrap or Wraparound)
Publication date:
06/06/2018
Last modified:
17/07/2018

Description

In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*