CVE-2017-11093

Name of the Vulnerable Software and Affected Versions Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description The issue is related to a buffer over-read in the Display component due to the lack of upper-bound validation when reading num of cea blocks from an untrusted source (EDID). This can lead to the exposure of kernel memory.

Recommendations For Android for MSM, consider applying configuration changes to restrict access to the Display component until a fix is available. For Firefox OS for MSM, restrict the use of the num of cea blocks variable from the EDID source to minimize the risk of exploitation. For QRD Android, as a temporary workaround, consider disabling the Display component's ability to read from the EDID source until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.