CVE-2018-11883

Name of the Vulnerable Software and Affected Versions Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description The issue occurs when the mode parameter in the wlan function is given an out of bound value, causing an out of bound access while accessing the PCL table in the policy mgr unit test. This is a problem in all Android releases from CAF using the linux kernel.

Recommendations For Android for MSM, update the policy manager to validate the mode parameter in the wlan function to prevent out of bound access. For Firefox OS for MSM, restrict access to the wlan function until a patch is available to fix the out of bound access issue. For QRD Android, consider disabling the policy mgr unit test until a fix is implemented to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.