CVE-2017-18132

Name of the Vulnerable Software and Affected Versions: Android versions prior to security patch level 2018-04-05

Description: The issue is related to an out-of-bounds access in the tz assign() function, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. This is due to a buffer overflow in the Qualcomm Trusted Execution Environment component of the Android operating system.

Recommendations: For Android versions prior to security patch level 2018-04-05, update to a version with a security patch level of 2018-04-05 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and functions that may be impacted by the tz assign() function until a patch is applied.