CVE-2017-14883

Name of the Vulnerable Software and Affected Versions: Android for MSM versions prior to 2017-10-18 Firefox OS for MSM versions prior to 2017-10-18 QRD Android versions prior to 2017-10-18

Description: The issue arises in the wma unified power debug stats event handler() function when the param buf->num debug register value received from the FW command buffer is close to the maximum value of uint32. This can cause an overflow, resulting in less memory being allocated for power stats results and potentially leading to a buffer overflow when copying the FW buffer to the local buffer.

Recommendations: For Android for MSM versions prior to 2017-10-18, update to a version released after 2017-10-18 to resolve the issue. For Firefox OS for MSM versions prior to 2017-10-18, update to a version released after 2017-10-18 to resolve the issue. For QRD Android versions prior to 2017-10-18, update to a version released after 2017-10-18 to resolve the issue.