CVE-2017-10998

Name of the Vulnerable Software and Affected Versions Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified)

Description The issue arises in the audio aio ion lookup vaddr function, where user input for buffer length is used to validate if the buffer is within a valid region. If the buffer length is sufficiently large, it can cause an overflow in the address + length operation, resulting in a value far below the valid region.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.