VYPR
High severity7.8NVD Advisory· Published Sep 18, 2018· Updated Jun 17, 2026

CVE-2018-11298

CVE-2018-11298

Description

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Androidv5
    Range: All Android releases from CAF using the Linux kernel

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.