CVE-2017-14882

Name of the Vulnerable Software and Affected Versions: Android for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) All Android releases from CAF using the Linux kernel versions (affected versions not specified)

Description: The issue arises from the function lim process action vendor specific() when processing VENDOR specific action frames. A comparison is made with the incoming action frame body without validating its length, potentially leading to an out-of-bounds access. This could allow a remote attacker to disclose protected information due to a buffer overflow in the WLAN component of the Android operating system.

Recommendations: For Android for MSM, consider disabling the lim process action vendor specific() function until a patch is available. For QRD Android, restrict access to the WLAN component to minimize the risk of exploitation. For Firefox OS for MSM, avoid using the VENDOR specific action frame in the affected API endpoint until the issue is resolved. For all Android releases from CAF using the Linux kernel, apply configuration changes to limit the impact of the buffer overflow, such as restricting remote access to the WLAN component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.