CVE-2017-9693

Name of the Vulnerable Software and Affected Versions Android for MSM versions prior to 2017-06-06 Firefox OS for MSM versions prior to 2017-06-06 QRD Android versions prior to 2017-06-06

Description The issue arises when the length of the attribute value for STA EXT CAPABILITY in the wlan hdd change station function is less than the actual length of StaParams.extn capability. This discrepancy results in a read for extra bytes when a memcpy is done from params->ext capab to StaParams.extn capability using the sizeof(StaParams.extn capability).

Recommendations For Android for MSM versions prior to 2017-06-06, update to a version released after 2017-06-06 to resolve the issue. For Firefox OS for MSM versions prior to 2017-06-06, update to a version released after 2017-06-06 to resolve the issue. For QRD Android versions prior to 2017-06-06, update to a version released after 2017-06-06 to resolve the issue.