PT-2017-11714 · Qualcomm+2 · Qrd Android+2

Published

2017-10-10

Updated

2017-10-19

CVE-2017-11051

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description The issue allows for information disclosure due to the hb params buffer not being initialized to zero in the wlan hdd cfg80211 testmode function.

Recommendations For Android for MSM, consider restricting access to the wlan hdd cfg80211 testmode function until a patch is available. For Firefox OS for MSM, avoid using the wlan hdd cfg80211 testmode function in sensitive operations until the issue is resolved. For QRD Android, as a temporary workaround, consider disabling the wlan hdd cfg80211 testmode function until a fix is provided.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-11051

Affected Products

Android

Firefox Os

Qrd Android

PT-2017-11714 · Qualcomm+2 · Qrd Android+2

CVE-2017-11051

Weakness Enumeration

Related Identifiers

Affected Products

References · 4