CVE-2017-9710

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description The issue is related to the IOCTL interface, which can be called from multiple contexts, potentially resulting in a buffer overflow of the msg cache when sending QMI NOTIFY REQ messages.

Recommendations For Android for MSM, restrict access to the IOCTL interface until a patch is available. For Firefox OS for MSM, consider disabling the QMI NOTIFY REQ message functionality as a temporary workaround. For QRD Android, avoid using the IOCTL interface for sending QMI NOTIFY REQ messages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.