CVE-2018-5859 : Exploit Details and Defense Strategies

A Use After Free vulnerability in the MDSS MDP driver in Android releases from CAF using the Linux kernel, affecting Qualcomm devices.

Understanding CVE-2018-5859

A Use After Free vulnerability in the MDSS MDP driver in Android releases from CAF using the Linux kernel, affecting Qualcomm devices.

What is CVE-2018-5859?

A Use After Free vulnerability in the MDSS MDP driver in all versions of Android releases from CAF that use the Linux kernel (such as Android for MSM, Firefox OS for MSM, QRD Android) before the security patch level 2018-07-05, due to a race condition.

The Impact of CVE-2018-5859

The vulnerability could allow an attacker to execute arbitrary code or cause a denial of service by exploiting the Use After Free condition.

Technical Details of CVE-2018-5859

A vulnerability that affects Qualcomm devices running Android releases from CAF using the Linux kernel.

Vulnerability Description

Use After Free condition in the MDSS MDP driver.

Affected Systems and Versions

Products: Android for MSM, Firefox OS for MSM, QRD Android
Vendor: Qualcomm, Inc.
Versions: All Android releases from CAF using the Linux kernel

Exploitation Mechanism

The vulnerability arises due to a race condition in the MDSS MDP driver.

Mitigation and Prevention

Steps to address and prevent the CVE-2018-5859 vulnerability.

Immediate Steps to Take

Apply the security patch level 2018-07-05 or later to mitigate the vulnerability.
Monitor vendor security bulletins for updates and patches.

Long-Term Security Practices

Regularly update software and firmware on affected devices.
Implement security best practices to prevent and detect exploitation attempts.

Patching and Updates

Ensure all Qualcomm devices running affected versions receive the necessary security patches and updates.