PT-2017-11720 · Google+1 · Android+1
Publicado
2017-10-10
·
Atualizado
2017-10-19
·
CVE-2017-11057
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Android for MSM versions (affected versions not specified)
Firefox OS for MSM versions (affected versions not specified)
QRD Android versions (affected versions not specified)
Description
The issue allows
flash data from 64-bit userspace to potentially cause disclosure of kernel memory or a fault due to using a userspace-provided address in compatibility mode.Recommendations
For Android for MSM, consider restricting access to
flash data in compatibility mode until a fix is available.
For Firefox OS for MSM, avoid using userspace-provided addresses for flash data in compatibility mode to minimize the risk of exploitation.
For QRD Android, as a temporary workaround, consider disabling compatibility mode for flash data until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android
Firefox Os