CVE-2018-5853

low-risk

Published 2018-07-06

A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (1)

Android

Affected Vendors

Google

References (6)

Vendor Advisory https://source.android.com/security/bulletin/pixel/2018-05-01

Third Party Advisory https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacl...

Third Party Advisory https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-se...

Vendor Advisory https://source.android.com/security/bulletin/pixel/2018-05-01

Third Party Advisory https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacl...

Third Party Advisory https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-se...

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal