Vulnerabilities > CVE-2018-5859 - Use After Free vulnerability in Google Android

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

google

CWE-416

NVD

Published: 2018-07-06

Updated: 2018-08-27

Summary

Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=36400a7fa3753028a3bf89a9cdb28c5e25693c59
https://source.android.com/security/bulletin/pixel/2018-07-01