Vulnerabilities > CVE-2018-5845 - Use After Free vulnerability in Google Android

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

google

CWE-416

NVD

Published: 2018-06-06

Updated: 2018-07-17

Summary

A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://source.android.com/security/bulletin/2018-05-01
https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2