PT-2017-3616 · Google+1 · Android+1
Published: 2017-09-26 · Updated: 2018-04-06
CVE-2017-15821
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Android for MSM versions (affected versions not specified)
QRD Android versions (affected versions not specified)
All Android releases from CAF using the Linux kernel versions (affected versions not specified)
Description:
The issue is in the function wma_p2p_noa_event_handler(), which performs no bounds check on a value coming from firmware, potentially leading to a buffer overwrite. This could allow an attacker to execute arbitrary code in the context of a privileged process using a specially crafted file.
Recommendations:
For Android for MSM, consider disabling the wma_p2p_noa_event_handler() function until a patch is available.
For QRD Android, restrict access to the wma_p2p_noa_event_handler() function to minimize the risk of exploitation.
For all Android releases from CAF using the Linux kernel, avoid using the wma_p2p_noa_event_handler() function in sensitive operations until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
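The bug class named in the description, a count supplied by firmware and used as a copy bound without validation, is shown below next to a checked version. This is an added illustration, not code from the affected driver: the structures, the MAX_NOA_DESC capacity and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_NOA_DESC 4 /* hypothetical capacity of the host-side array */

struct noa_desc { uint32_t type_count, duration, interval, start_time; };

/* Constructed model of a firmware event: every field is untrusted input. */
struct fw_noa_event {
    uint32_t num_descriptors;      /* count claimed by firmware */
    const struct noa_desc *descs;  /* descriptor array inside the event buffer */
    size_t descs_len;              /* bytes of descriptor data actually received */
};

struct host_noa_ie {
    uint32_t num_descriptors;
    struct noa_desc desc[MAX_NOA_DESC];
};

/* Flawed pattern: the loop bound comes straight from firmware, so a count
 * above MAX_NOA_DESC writes past the end of out->desc. */
void noa_copy_unchecked(const struct fw_noa_event *ev, struct host_noa_ie *out)
{
    out->num_descriptors = ev->num_descriptors;
    for (uint32_t i = 0; i < ev->num_descriptors; i++)
        out->desc[i] = ev->descs[i];
}

/* Hardened pattern: validate the count against both the destination capacity
 * and the amount of data received before copying. Returns 0 or -1. */
int noa_copy_checked(const struct fw_noa_event *ev, struct host_noa_ie *out)
{
    if (ev == NULL || out == NULL)
        return -1;
    if (ev->num_descriptors > MAX_NOA_DESC)
        return -1; /* would overflow out->desc */
    size_t need = (size_t)ev->num_descriptors * sizeof(struct noa_desc);
    if (need > ev->descs_len || (need != 0 && ev->descs == NULL))
        return -1; /* would read past the event buffer */
    memset(out, 0, sizeof(*out));
    out->num_descriptors = ev->num_descriptors;
    if (need != 0)
        memcpy(out->desc, ev->descs, need);
    return 0;
}
```

The checked version rejects the event before touching the destination, so a rejected event leaves previously stored state unchanged.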
Weakness Enumeration
Related Identifiers
Affected Products
Android
Linux Kernel