CVE-2018-3592
Description
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, added a change to check if the pointer has been reset to NULL or not, before writing to the memory pointed by the pointer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing NULL pointer check in Android on Qualcomm Snapdragon could lead to memory corruption or privilege escalation.
Vulnerability
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear chipsets, a missing NULL pointer check was identified. The affected chipsets include MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850. The vulnerability exists in a kernel-level driver or component where a pointer is used without verifying it is not NULL before writing to the memory location. This allows a potential use-after-free or null pointer dereference scenario.
Exploitation
An attacker with local access to the device and ability to execute code at a lower privilege level could trigger the vulnerability. The exact steps require sending a specially crafted input to the vulnerable driver, leading to the pointer being set to NULL or an invalid memory region. No user interaction is needed beyond exploiting the device.
Impact
Successful exploitation could cause memory corruption, denial of service, or elevation of privilege to the kernel level. The attacker may overwrite sensitive memory regions, potentially gaining arbitrary code execution with system privileges.
Mitigation
The fix is included in the Android security patch level 2018-04-05 [1]. Users should ensure their devices receive the April 2018 or later security update. There is no known workaround besides applying the patch.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Qualcomm, Inc./Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.