CVE-2017-11057

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description The issue allows flash data from 64-bit userspace to potentially cause disclosure of kernel memory or a fault due to using a userspace-provided address in compatibility mode.

Recommendations For Android for MSM, consider restricting access to flash data in compatibility mode until a fix is available. For Firefox OS for MSM, avoid using userspace-provided addresses for flash data in compatibility mode to minimize the risk of exploitation. For QRD Android, as a temporary workaround, consider disabling compatibility mode for flash data until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.