VYPR
Unrated severity · NVD Advisory · Published Apr 3, 2018 · Updated Sep 16, 2024

CVE-2018-3563

Description

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, an untrusted pointer dereference in apr_cb_func can lead to arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An untrusted pointer dereference in the APR callback function of Qualcomm components on Android can lead to arbitrary code execution.

Vulnerability

The vulnerability resides in the apr_cb_func function within the APR (Asynchronous Protocol Router) subsystem of Qualcomm components used in Android for MSM, Firefox OS for MSM, and QRD Android. An untrusted pointer dereference allows an attacker to control a function pointer, leading to arbitrary code execution. The affected versions include all Android releases from CAF using the Linux kernel before the security patch level 2018-04-05 [1].

Exploitation

The attacker requires local access to the device and the ability to pass a crafted packet to the APR subsystem. No additional authentication or user interaction is needed beyond that. The exploitation involves sending a specially crafted APR message that triggers the untrusted pointer dereference in apr_cb_func [1].

Impact

Successful exploitation results in arbitrary code execution in the context of the kernel. This can lead to full compromise of the device's confidentiality, integrity, and availability, including the ability to install malicious code, access sensitive data, or perform other unauthorized actions [1].

Mitigation

The issue is fixed in the Android security patch level 2018-04-05. Users should update their devices to a security patch date of April 2018 or later [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Range: < Android security patch level 2018-04-05
  • Range: < Android security patch level 2018-04-05
  • Range: < Android security patch level 2018-04-05
  • Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Android v5
    Range: All Android releases from CAF using the Linux kernel

References

1
