CVE-2017-15814

Name of the Vulnerable Software and Affected Versions: Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description: The issue is related to improper input validation in the msm flash subdev do ioctl function of the msm flash.c file. This can lead to a possible out of bounds read when flash data.cfg type is CFG FLASH INIT, potentially resulting in local information disclosure. System execution privileges are required for exploitation, and user interaction is not needed.

Recommendations: For Android for MSM, ensure proper input validation is in place for the msm flash subdev do ioctl function to prevent out of bounds reads. For Firefox OS for MSM, restrict access to the msm flash subdev do ioctl function to minimize the risk of exploitation. For QRD Android, consider implementing additional validation for flash data.cfg type to prevent improper input validation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.