CVE-2017-18054

Name of the Vulnerable Software and Affected Versions: Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description: The issue is related to improper input validation for num vdev mac entries in the wma pdev hw mode transition evt handler() function, which can lead to a potential buffer overflow. This function receives input from firmware.

Recommendations: For Android for MSM, ensure proper validation of the num vdev mac entries variable to prevent buffer overflow. For Firefox OS for MSM, restrict the input from firmware to the wma pdev hw mode transition evt handler() function to minimize the risk of exploitation. For QRD Android, consider implementing additional validation for the num vdev mac entries variable in the wma pdev hw mode transition evt handler() function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.