CVE-2018-5836

Name of the Vulnerable Software and Affected Versions: Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05

Description: The issue arises from the wma nan rsp event handler() function, where the data len value received from firmware is not properly validated. This could potentially lead to an out-of-bounds access.

Recommendations: For Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, update to a version with a security patch level of 2018-06-05 or later to resolve the issue.