CVE-2018-11278

Name of the Vulnerable Software and Affected Versions Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description The issue arises when the Venus HW searches for a start code while decoding input bit stream buffers in the Linux kernel. If the start code is not found within the entire buffer, it results in an over-fetch beyond the allocation length, leading to a page fault.

Recommendations For Android for MSM, update the Linux kernel to a version that includes the fix for this issue. For Firefox OS for MSM, update the Linux kernel to a version that includes the fix for this issue. For QRD Android, update the Linux kernel to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Venus HW decoding functionality to minimize the risk of exploitation.