{"api_version":"1","generated_at":"2026-04-23T05:07:12+00:00","cve":"CVE-2018-13893","urls":{"html":"https://cve.report/CVE-2018-13893","api":"https://cve.report/api/cve/CVE-2018-13893.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-13893","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-13893"},"summary":{"title":"CVE-2018-13893","description":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.","state":"PUBLIC","assigner":"product-security@qualcomm.com","published_at":"2019-02-11 15:29:00","updated_at":"2019-02-12 15:04:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin","name":"https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"January 2019 Code Aurora Security Bulletin - Code Aurora","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-13893","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13893","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"13893","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"13893","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-13893","qid":"610347","title":"Google Android May 2021 Security Patch Missing for Huawei EMUI"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@qualcomm.com","ID":"CVE-2018-13893","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Android for MSM, Firefox OS for MSM, QRD Android","version":{"version_data":[{"version_value":"All Android releases from CAF using the Linux kernel"}]}}]},"vendor_name":"Qualcomm, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Untrusted Pointer Dereference in DIAG Services"}]}]},"references":{"reference_data":[{"name":"https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin","refsource":"CONFIRM","url":"https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin"}]}},"nvd":{"publishedDate":"2019-02-11 15:29:00","lastModifiedDate":"2019-02-12 15:04:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"13893","Ordinal":"130556","Title":"CVE-2018-13893","CVE":"CVE-2018-13893","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"13893","Ordinal":"1","NoteData":"In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"13893","Ordinal":"2","NoteData":"2019-02-11","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"13893","Ordinal":"3","NoteData":"2019-02-11","Type":"Other","Title":"Modified"}]}}}