{"api_version":"1","generated_at":"2026-04-23T05:07:11+00:00","cve":"CVE-2018-11987","urls":{"html":"https://cve.report/CVE-2018-11987","api":"https://cve.report/api/cve/CVE-2018-11987.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-11987","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-11987"},"summary":{"title":"CVE-2018-11987","description":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.","state":"PUBLIC","assigner":"product-security@qualcomm.com","published_at":"2018-12-20 15:29:00","updated_at":"2019-01-09 16:46:00"},"problem_types":["CWE-415"],"metrics":[],"references":[{"url":"https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin","name":"https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"December 2018 Code Aurora Security Bulletin - Code Aurora","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-11987","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11987","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"11987","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"11987","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-11987","qid":"610347","title":"Google Android May 2021 Security Patch Missing for Huawei EMUI"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@qualcomm.com","ID":"CVE-2018-11987","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android for MSM, Firefox OS for MSM, QRD Android","version":{"version_data":[{"version_value":"All Android releases from CAF using the Linux kernel"}]}}]},"vendor_name":"Qualcomm, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Double Free Issue in Kernel"}]}]},"references":{"reference_data":[{"name":"https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin","refsource":"CONFIRM","url":"https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin"}]}},"nvd":{"publishedDate":"2018-12-20 15:29:00","lastModifiedDate":"2019-01-09 16:46:00","problem_types":["CWE-415"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"11987","Ordinal":"128499","Title":"CVE-2018-11987","CVE":"CVE-2018-11987","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"11987","Ordinal":"1","NoteData":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"11987","Ordinal":"2","NoteData":"2018-12-20","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"11987","Ordinal":"3","NoteData":"2018-12-20","Type":"Other","Title":"Modified"}]}}}