CVE-2017-11064

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description A buffer overread issue is observed during the processing of certain cfg80211 vendor commands, specifically ACA NL80211 VENDOR SUBCMD EXTSCAN PNO SET PASSPOINT LIST and QCA NL80211 VENDOR SUBCMD EXTSCAN PNO SET LIST, in the wlan hdd cfg80211 set passpoint list and hdd extscan passpoint fill network list functions respectively.

Recommendations For Android for MSM, consider restricting access to the wlan hdd cfg80211 set passpoint list and hdd extscan passpoint fill network list functions until a patch is available. For Firefox OS for MSM, avoid using the ACA NL80211 VENDOR SUBCMD EXTSCAN PNO SET PASSPOINT LIST and QCA NL80211 VENDOR SUBCMD EXTSCAN PNO SET LIST cfg80211 vendor commands in the affected API endpoints until the issue is resolved. For QRD Android, as a temporary workaround, consider disabling the wlan hdd cfg80211 set passpoint list and hdd extscan passpoint fill network list functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.