CVE-2017-11085

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description The issue is related to an integer overflow that leads to a buffer overflow. This occurs due to improper bound checking in the msm audio effects virtualizer handler function, located in the msm-audio-effects-q6-v2.c file. The problem affects Android releases that utilize the Linux kernel from CAF.

Recommendations For Android for MSM, update to a version that includes proper bound checking in the msm audio effects virtualizer handler function. For Firefox OS for MSM, update to a version that includes proper bound checking in the msm audio effects virtualizer handler function. For QRD Android, update to a version that includes proper bound checking in the msm audio effects virtualizer handler function. As a temporary workaround, consider restricting access to the msm audio effects virtualizer handler function until a patch is available.