CVE-2017-11060

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description A buffer overread issue is observed during the processing of certain cfg80211 vendor commands, specifically ACA NL80211 VENDOR SUBCMD EXTSCAN PNO SET PASSPOINT LIST and QCA NL80211 VENDOR SUBCMD EXTSCAN PNO SET LIST, in the wlan hdd cfg80211 set passpoint list and hdd extscan passpoint fill network list functions respectively.

Recommendations For Android for MSM, consider restricting access to the wlan hdd cfg80211 set passpoint list function until a patch is available. For Firefox OS for MSM, restrict access to the hdd extscan passpoint fill network list function as a temporary workaround. For QRD Android, avoid using the ACA NL80211 VENDOR SUBCMD EXTSCAN PNO SET PASSPOINT LIST and QCA NL80211 VENDOR SUBCMD EXTSCAN PNO SET LIST cfg80211 vendor commands in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.