CVE-2017-14900

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description A buffer overrun issue occurs when processing the QCA NL80211 VENDOR SUBCMD GET CHAIN RSSI vendor command. This happens because the attribute QCA WLAN VENDOR ATTR MAC ADDR contains fewer than 6 bytes.

Recommendations For Android for MSM, as a temporary workaround, consider restricting access to the QCA NL80211 VENDOR SUBCMD GET CHAIN RSSI vendor command until a patch is available. For Firefox OS for MSM, restrict the use of the QCA WLAN VENDOR ATTR MAC ADDR attribute to minimize the risk of exploitation. For QRD Android, avoid using the QCA NL80211 VENDOR SUBCMD GET CHAIN RSSI vendor command in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.