CVE-2017-14879

Name of the Vulnerable Software and Affected Versions: Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description: The issue arises when an IPA ioctl is called and the ipa idr find() function is used to search for a routing/filer/hdr rule handle from the ipa idr pointer. This can cause the wrong structure pointer to be returned, resulting in a slab out of bounds access in the IPA driver.

Recommendations: For Android for MSM, consider restricting access to the IPA driver until a fix is available. For Firefox OS for MSM, avoid using the ipa idr find() function in the IPA driver until the issue is resolved. For QRD Android, as a temporary workaround, consider disabling the IPA ioctl call until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.