CVE-2018-3584
Description
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur in the function rmnet_usb_ctrl_init().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free vulnerability in the rmnet_usb_ctrl_init() function of the Qualcomm kernel on Android devices could lead to privilege escalation.
Vulnerability
A use-after-free (UAF) condition exists in the rmnet_usb_ctrl_init() function of the Qualcomm kernel used in Android for MSM, Firefox OS for MSM, and QRD Android devices running all Android releases from CAF before the security patch level 2018-04-05. This bug occurs when the driver improperly handles memory freeing or reuse, allowing an attacker to manipulate freed memory.
Exploitation
An attacker with local access and the ability to execute code on the device may exploit this vulnerability. The UAF condition can be triggered by invoking specific sequences that cause the driver to dereference already freed memory, potentially leading to further exploitation.
Impact
Successful exploitation could allow an attacker to escalate privileges from a low-privileged process to a higher-privileged context, potentially achieving arbitrary code execution in kernel space. This could result in a full compromise of the device's confidentiality, integrity, and availability [1].
Mitigation
Google released a security patch in the April 2018 Pixel/Nexus Security Bulletin [1]. All affected devices should update to the Android security patch level 2018-04-05 or later. No workaround is provided; flashing the updated firmware is the recommended action.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 2018-04-05
- Range: < 2018-04-05
- Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Android (v5). Range: All Android releases from CAF using the Linux kernel
Patches
No patches discovered yet.
References
- [1] source.android.com/security/bulletin/pixel/2018-04-01 (mitre, x_refsource_CONFIRM)