PT-2018-17196 · Mozilla+2 · Firefox OS+2

Published: 2018-11-27 · Updated: 2018-12-21 · CVE-2018-5861

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions:
Android for MSM (affected versions not specified)
Firefox OS for MSM (affected versions not specified)
QRD Android (affected versions not specified)

Description: The issue arises from incomplete checks on partition size, which can lead to heap overwrite vulnerabilities when loading a secure application from the boot loader. This affects Android releases using the Linux kernel from CAF.

Recommendations: For Android for MSM, update the kernel to include complete partition size checks to prevent heap overwrite vulnerabilities. For Firefox OS for MSM, ensure that secure application loading from the boot loader includes robust partition size validation. For QRD Android, modify the boot loader to enforce thorough checks on partition sizes before loading secure applications.

Fix

Incorrect Type Conversion or Cast

Weakness Enumeration

Related Identifiers

CVE-2018-5861

Affected Products

Android
Firefox OS
Linux Kernel