CVE-2017-18069

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified) All Android releases from CAF using the Linux kernel versions (affected versions not specified)

Description The issue is related to improper message length calculation in the oem cmd handler() function while processing a WLAN NL MSG OEM netlink message, leading to a buffer overread. This can allow a remote attacker to disclose protected information using a specially crafted request.

Recommendations For Android for MSM, consider restricting access to the oem cmd handler() function until a patch is available. For QRD Android, avoid using the WLAN NL MSG OEM netlink message in the affected component until the issue is resolved. For all Android releases from CAF using the Linux kernel, as a temporary workaround, consider disabling the WLAN component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.