CVE-2018-11818

Name of the Vulnerable Software and Affected Versions Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description The issue arises from the way LUT configuration is passed from userspace to the driver via ioctl in the linux kernel, used by all android releases from CAF. A race condition can occur when there are simultaneous updates from userspace while kernel drivers are updating LUT registers.

Recommendations For Android for MSM, consider restricting access to the ioctl until a proper synchronization mechanism is implemented to prevent the race condition. For Firefox OS for MSM, avoid simultaneous updates from userspace while kernel drivers are updating LUT registers as a temporary workaround. For QRD Android, implement a locking mechanism to ensure exclusive access to LUT registers during updates to prevent the race condition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.