CVE-2018-11286

Name of the Vulnerable Software and Affected Versions Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description The issue occurs when accessing the global variable debug client in a multi-threaded manner, resulting in a use after free problem. This affects Android releases that utilize the Linux kernel from CAF.

Recommendations For Android for MSM, consider restricting access to the global variable debug client to prevent multi-threaded issues until a fix is available. For Firefox OS for MSM, avoid using the debug client variable in multi-threaded environments as a temporary workaround. For QRD Android, as a mitigation measure, restrict concurrent access to the debug client variable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.