Vulnerability Details CVE-2018-5895
Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
- https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin