CVE-2017-11027

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description The issue arises when flashing a UBI image in Android for MSM, Firefox OS for MSM, and QRD Android, where the size of the image is not validated to ensure it is not smaller than the minimum header size. This lack of validation leads to an uninitialized data access issue.

Recommendations For Android for MSM, ensure proper size validation when flashing UBI images to prevent uninitialized data access. For Firefox OS for MSM, validate the size of UBI images before flashing to mitigate the risk. For QRD Android, implement size checks for UBI images to prevent exploitation of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.