CVE-2017-15325

Name of the Vulnerable Software and Affected Versions: Prague smart phones versions earlier than Prague-AL00AC00B211 Prague smart phones versions earlier than Prague-AL00BC00B211 Prague smart phones versions earlier than Prague-AL00CC00B211 Prague smart phones versions earlier than Prague-TL00AC01B211 Prague smart phones versions earlier than Prague-TL10AC01B211

Description: The Bdat driver has an integer overflow issue due to a lack of parameter validation. This can be exploited by an attacker who tricks a user into installing a malicious APP, which can then send a specific parameter to the driver, potentially leading to arbitrary code execution.

Recommendations: For versions earlier than Prague-AL00AC00B211, update to Prague-AL00AC00B211 or later. For versions earlier than Prague-AL00BC00B211, update to Prague-AL00BC00B211 or later. For versions earlier than Prague-AL00CC00B211, update to Prague-AL00CC00B211 or later. For versions earlier than Prague-TL00AC01B211, update to Prague-TL00AC01B211 or later. For versions earlier than Prague-TL10AC01B211, update to Prague-TL10AC01B211 or later.