CVE-2017-11090

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description A buffer overread issue is observed in the wlan hdd cfg80211 set pmksa function when a user space application sends a PMKID of size less than WLAN PMKID LEN bytes. This issue affects Android releases from CAF using the Linux kernel.

Recommendations For Android for MSM, consider restricting the use of the wlan hdd cfg80211 set pmksa function until a patch is available. For Firefox OS for MSM, avoid using PMKID sizes less than WLAN PMKID LEN bytes in the affected function. For QRD Android, as a temporary workaround, consider disabling the wlan hdd cfg80211 set pmksa function until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this issue.