CVE-2017-11069

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) All Android releases from CAF using the Linux kernel versions (affected versions not specified)

Description The issue is related to the manipulation of SafeSwitch Image data, which can result in a heap overflow. It is also described as a buffer overflow vulnerability in the Bootloader component of Android operating systems from the CAF repository. This vulnerability can be exploited by a remote attacker to cause a buffer overflow on the heap by manipulating Qualcomm SafeSwitch image data.

Recommendations For Android for MSM, consider restricting access to the SafeSwitch Image data until a patch is available. For QRD Android, avoid using the Bootloader component with untrusted input until the issue is resolved. For Firefox OS for MSM, as a temporary workaround, consider disabling the Bootloader component until a fix is provided. For all Android releases from CAF using the Linux kernel, restrict manipulation of Qualcomm SafeSwitch image data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.