CVE-2018-5873: Use After Free
First published: Mon Jul 02 2018(Updated: )
An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05.
Credit: product-security@qualcomm.com product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Google Android | ||
| Linux Kernel | >=3.19<4.1.50 | |
| Linux Kernel | >=4.2<4.4.116 | |
| Linux Kernel | >=4.5<4.9.82 | |
| Linux Kernel | >=4.10<4.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=34742aaf7cb16c95edba4a7afed6d2c4fa7e434b
- https://source.android.com/docs/security/bulletin/2018-07-01 (Advisory)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073c516ff73557a8f7315066856c04b50383ac34
- https://github.com/torvalds/linux/commit/073c516ff73557a8f7315066856c04b50383ac34
- https://source.android.com/security/bulletin/2018-07-01
- https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin
Frequently Asked Questions
What is the severity of CVE-2018-5873?
CVE-2018-5873 has a severity rating that indicates it can lead to a Use After Free condition, potentially allowing for arbitrary code execution.
How do I fix CVE-2018-5873?
To fix CVE-2018-5873, you should update your Linux kernel to version 4.11 or later.
Which versions of the Linux kernel are affected by CVE-2018-5873?
CVE-2018-5873 affects Linux kernel versions below 4.11, specifically versions 4.10 and earlier.
Does CVE-2018-5873 affect Android devices?
Yes, CVE-2018-5873 affects all Android releases from CAF that use the Linux kernel prior to version 4.11.
What type of vulnerability is CVE-2018-5873?
CVE-2018-5873 is classified as a Use After Free vulnerability caused by a race condition in file access.
- agent/weakness
- agent/type
- agent/author
- agent/first-publish-date
- agent/remedy
- agent/references
- agent/severity
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/google android
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.19
- version/linux kernel/4.2
- version/linux kernel/4.5
- version/linux kernel/4.10