PT-2017-3417 · Qualcomm+1 · Qualcomm Trusted Execution Environment+1

Published: 2017-09-05 · Updated: 2017-12-20

CVE-2017-14916

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Android for MSM versions prior to the fixed version
Android versions prior to the fixed version
QRD Android versions prior to the fixed version

Description

The issue is related to insufficient input validation in the message passing interface of the Qualcomm Trusted Execution Environment (TEE) in the Android operating system. This can allow a remote attacker to execute arbitrary code. The problem is also described as a lack of proper validation of buffer sizes in the message passing interface, which can be exploited.

Recommendations

For Android for MSM, update to a version that includes the fix for this issue.
For Android, update to a version that includes the fix for this issue.
For QRD Android, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the message passing interface until a patch is available.

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2018-00205
CVE-2017-14916

Affected Products

Android
Qualcomm Trusted Execution Environment