CVE-2018-5848
kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
En la función wmi_set_ie(), el código de validación de longitud no gestiona correctamente los desbordamientos de enteros sin firmar. Como resultado, un gran valor del argumento "ie_len" puede provocar un desbordamiento de búfer en todas las distribuciones de Android de CAF (Android for MSM, Firefox OS for MSM, QRD Android) que utilizan el kernel de Linux.
In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ie_len’ argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-19 CVE Reserved
- 2018-06-12 CVE Published
- 2023-06-06 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2 | 2019-05-02 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:2948 | 2019-05-02 | |
https://access.redhat.com/errata/RHSA-2018:3083 | 2019-05-02 | |
https://access.redhat.com/errata/RHSA-2018:3096 | 2019-05-02 | |
https://source.android.com/security/bulletin/pixel/2018-05-01 | 2019-05-02 | |
https://access.redhat.com/security/cve/CVE-2018-5848 | 2018-10-30 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1590799 | 2018-10-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Virtualization Host Search vendor "Redhat" for product "Virtualization Host" | 4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
|