CVE-2017-14901

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description A buffer overrun issue occurs when processing the QCA NL80211 VENDOR SUBCMD SET TXPOWER SCALE vendor command. This happens because the attribute QCA WLAN VENDOR ATTR TXPOWER SCALE contains fewer than 1 byte.

Recommendations For Android for MSM, consider restricting access to the QCA NL80211 VENDOR SUBCMD SET TXPOWER SCALE vendor command until a patch is available. For Firefox OS for MSM, avoid using the attribute QCA WLAN VENDOR ATTR TXPOWER SCALE with fewer than 1 byte in the QCA NL80211 VENDOR SUBCMD SET TXPOWER SCALE vendor command. For QRD Android, as a temporary workaround, consider disabling the processing of the QCA NL80211 VENDOR SUBCMD SET TXPOWER SCALE vendor command until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.