A vulnerability was found in Google Android (Smartphone Operating System) (unknown version) and classified as critical. Affected by this issue is an unknown code block of the component KGSL Driver. The manipulation with an unknown input leads to a use after free vulnerability. Using CWE to declare the problem leads to CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. Impacted is confidentiality, integrity, and availability. CVE summarizes:

In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition.

The bug was discovered 07/02/2018. The weakness was shared 07/06/2018 (Website). The advisory is shared for download at source.android.com. This vulnerability is handled as CVE-2018-5831 since 01/19/2018. The exploitation is known to be easy. The attack needs to be approached locally. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 04/05/2023). It is expected to see the exploit prices for this product increasing in the near future.

The vulnerability was handled as a non-public zero-day exploit for at least 4 days. During that time the estimated underground price was around $5k-$25k.

Applying a patch is able to eliminate this problem.

The entries VDB-120503, VDB-120504, VDB-120515 and VDB-120522 are related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Smartphone Operating System

Vendor

• Google

Name

• Android

License

• free

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion