CVE-2017-18067

Name of the Vulnerable Software and Affected Versions: Android for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) All Android releases from CAF using the Linux kernel versions (affected versions not specified)

Description: The issue is related to improper input validation while processing an encrypted authentication management frame, which leads to a buffer overflow in the lim send auth mgmt frame() function. This can potentially allow a remote attacker to execute arbitrary code.

Recommendations: For Android for MSM, consider restricting access to the lim send auth mgmt frame() function until a patch is available. For QRD Android, avoid using the vulnerable authentication management frame processing functionality until the issue is resolved. For Firefox OS for MSM, as a temporary workaround, consider disabling the wireless network driver from the CAF repository to minimize the risk of exploitation. For all Android releases from CAF using the Linux kernel, restrict access to the vulnerable buffer overflow area in memory to prevent potential code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.