PT-2018-10434 · Mozilla+3 · Firefox Os+3

Published

2018-09-04

Updated

2019-03-04

CVE-2018-11262

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android for MSM versions prior to the fixed version Firefox OS for MSM versions prior to the fixed version QRD Android versions prior to the fixed version

Description The issue arises when trying to determine the total number of partitions via a non-zero check in Android for MSM, Firefox OS for MSM, and QRD Android, using the Linux kernel. There is a possibility that 'TotalPart' could exceed 'GptHeader->MaxPtCnt', resulting in an out-of-bounds (OOB) write when patching the GUID Partition Table (GPT).

Recommendations For Android for MSM, update to a version that includes the fix for this issue. For Firefox OS for MSM, update to a version that includes the fix for this issue. For QRD Android, update to a version that includes the fix for this issue.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-682CWE-787

Related Identifiers

CVE-2018-11262

Affected Products

Android

Firefox Os

Linux Kernel

Qrd Android

PT-2018-10434 · Mozilla+3 · Firefox Os+3

CVE-2018-11262

Weakness Enumeration

Related Identifiers

Affected Products

References · 4