High severity7.8NVD Advisory· Published Sep 18, 2018· Updated Jun 17, 2026
CVE-2018-11299
CVE-2018-11299
Description
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault.
Affected products
1- Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Androidv5Range: All Android releases from CAF using the Linux kernel
Patches
Vulnerability mechanics
References
3- source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/nvdPatchThird Party Advisory
- www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletinnvdPatchThird Party Advisory
- www.securityfocus.com/bid/107770nvd
News mentions
0No linked articles in our index yet.