nvd-json-data-feeds/CVE-2018/CVE-2018-58xx/CVE-2018-5840.json

{
  "id": "CVE-2018-5840",
  "sourceIdentifier": "product-security@qualcomm.com",
  "published": "2018-06-06T21:29:00.503",
  "lastModified": "2024-11-21T04:09:31.320",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel."
    },
    {
      "lang": "es",
      "value": "Puede ocurrir una copia de b\u00fafer sin comprobaci\u00f3n del tama\u00f1o de la entrada durante la secuencia de inicializaci\u00f3n del controlador DRM SDE en todas las distribuciones de Android de CAF (Android for MSM, Firefox OS for MSM, QRD Android) que utilizan el kernel de Linux."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "baseScore": 9.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
      "source": "product-security@qualcomm.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://source.android.com/security/bulletin/2018-05-01",
      "source": "nvd@nist.gov",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    }
  ]
}