CVE-2018-5821
Description
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_wow_wakeup_host_event(), wake_info->vdev_id is received from FW and is used directly as array index to access wma->interfaces whose max index should be (max_bssid-1). If wake_info->vdev_id is greater than or equal to max_bssid, an out-of-bounds read occurs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds read in Qualcomm WMA driver due to missing bounds check on vdev_id from firmware, leading to info disclosure or DoS.
Vulnerability
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the function wma_wow_wakeup_host_event() in the WMA driver receives wake_info->vdev_id from firmware and uses it directly as an array index to access wma->interfaces. The maximum valid index should be max_bssid - 1. If wake_info->vdev_id is greater than or equal to max_bssid, an out-of-bounds read occurs.
Exploitation
An attacker with the ability to influence the firmware's wake_info->vdev_id value can trigger the out-of-bounds read. This may be achieved by sending a crafted packet or through other means that cause the firmware to generate a WoW (Wake-on-Wireless) wakeup event with an invalid vdev_id. No authentication is required if the attacker can send wireless frames to the device.
Impact
Successful exploitation leads to an out-of-bounds read, which could result in information disclosure (leaking kernel memory) or a denial of service (system crash). The attacker may gain access to sensitive data from the kernel heap.
Mitigation
The vulnerability is fixed in Android security patch level 2018-04-05 [1]. Users should update their devices to the latest security patch. The fix ensures that wake_info->vdev_id is validated against max_bssid before being used as an array index. No workaround is available for unpatched devices.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
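The bounds check described under Mitigation, as an added example that is not the Qualcomm driver's code or the actual patch: a simplified model contrasting direct indexing with a validated lookup. The struct layouts, function names, MAX_BSSID value and fixture data are assumptions made for illustration; only vdev_id, max_bssid, interfaces and wake_info come from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_BSSID 4u  /* constructed limit for this model, not the driver's value */

struct iface { uint32_t vdev_type; };            /* simplified interface entry */
struct wma_handle { struct iface *interfaces; uint32_t max_bssid; };
struct wake_info { uint32_t vdev_id; };          /* value supplied by firmware */

/* Pattern from the description: the firmware value indexes the array directly. */
struct iface *iface_unchecked(struct wma_handle *wma, const struct wake_info *wi)
{
    return &wma->interfaces[wi->vdev_id];  /* out of bounds when vdev_id >= max_bssid */
}

/* Hardened form: valid indices are 0 .. max_bssid-1, everything else is rejected. */
struct iface *iface_checked(struct wma_handle *wma, const struct wake_info *wi)
{
    if (wma == NULL || wi == NULL || wma->interfaces == NULL)
        return NULL;
    if (wi->vdev_id >= wma->max_bssid)     /* unsigned, so no lower-bound test needed */
        return NULL;
    return &wma->interfaces[wi->vdev_id];
}

/* Hypothetical handler: returns 0 on success, -1 when the event is dropped. */
int handle_wakeup_event(struct wma_handle *wma, const struct wake_info *wi,
                        uint32_t *type_out)
{
    struct iface *ifc = iface_checked(wma, wi);
    if (ifc == NULL)
        return -1;                         /* drop instead of reading past the array */
    *type_out = ifc->vdev_type;
    return 0;
}

/* Constructed fixture: four interfaces with made-up type values. */
struct iface g_ifaces[MAX_BSSID] = { {10}, {11}, {12}, {13} };
struct wma_handle g_wma = { g_ifaces, MAX_BSSID };

int main(void)
{
    uint32_t ids[] = { 0, 3, MAX_BSSID, 0xFFFFFFFFu }, type = 0;
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        struct wake_info wi = { ids[i] };
        int rc = handle_wakeup_event(&g_wma, &wi, &type);
        printf("vdev_id=%u -> %s\n", (unsigned)ids[i], rc ? "rejected" : "ok");
    }
    return 0;
}
```

The comparison uses >= rather than > because max_bssid itself is one past the last valid index.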
Affected products
- Range: < 2018-04-05
- Range: < 2018-04-05
- Range: < 2018-04-05
- Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Android (v5). Range: All Android releases from CAF using the Linux kernel
Patches
No patches discovered yet.
References
[1] source.android.com/security/bulletin/pixel/2018-04-01 (mitre, x_refsource_CONFIRM)