CVE-2017-9690

Name of the Vulnerable Software and Affected Versions Android for MSM versions prior to the fixed version Firefox OS for MSM versions prior to the fixed version QRD Android versions prior to the fixed version Android releases from CAF using the Linux kernel versions prior to the fixed version

Description The issue is related to an incorrect buffer size check in the qbt1000 ioctl handler, which can lead to an integer overflow and potentially cause a buffer overflow. This can be exploited by a local attacker. The ioctl() function of the QBT1000 driver is affected, and the vulnerability is due to insufficient buffer size checks.

Recommendations For Android for MSM, update to a version that includes the fix for the buffer size check issue in the qbt1000 ioctl handler. For Firefox OS for MSM, update to a version that includes the fix for the buffer size check issue in the qbt1000 ioctl handler. For QRD Android, update to a version that includes the fix for the buffer size check issue in the qbt1000 ioctl handler. For Android releases from CAF using the Linux kernel, update to a version that includes the fix for the buffer size check issue in the qbt1000 ioctl handler. As a temporary workaround, consider restricting access to the ioctl() function of the QBT1000 driver to minimize the risk of exploitation.