PT-2017-1801 · Google+1 · Android+1

Daxing Guo

Publicado

2017-04-07

Atualizado

2017-07-11

CVE-2017-0585

CVSS v3.1

4.7

Média

Vetor

AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions Kernel-3.10, Kernel-3.18

Description An information disclosure issue in the Broadcom Wi-Fi driver could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged process first. The vulnerability is related to the lack of protection for service data, which could allow a remote attacker to violate data confidentiality using a local malicious application.

Recommendations For Android versions Kernel-3.10, Kernel-3.18, consider restricting access to the Broadcom Wi-Fi driver until a patch is available. As a temporary workaround, consider disabling the Wi-Fi functionality in privileged processes to minimize the risk of exploitation.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

BDU:2017-00957

CVE-2017-0585

Produtos afetados

Android

Broadcom Wi-Fi Driver

PT-2017-1801 · Google+1 · Android+1

CVE-2017-0585

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9