CVE-2018-3574
CVE-2018-3574
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
19 set 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS.
Produtos afetados
Qualcomm, Inc. · Android for MSM, Firefox OS for MSM, QRD AndroidQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=3286b75d91519073d2f20bee85f22e294d5f1a18https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=09874396dfbf546e5a628d810fcf5ea51a4d5785https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=53261410da625aaa2e070555aaa150a8533e5be4https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000049462https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin