CVE-2017-15831

Name of the Vulnerable Software and Affected Versions: Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description: The issue is related to a lack of input validation in the wma ndp end indication event handler() function, which can lead to an integer overflow. This overflow can potentially cause a heap overwrite. The problem arises from an unvalidated event info value coming from firmware.

Recommendations: For Android for MSM, ensure proper validation of the event info value in the wma ndp end indication event handler() function to prevent integer overflow. For Firefox OS for MSM, consider implementing input validation checks for the event info value to mitigate the risk of heap overwrite. For QRD Android, restrict access to the wma ndp end indication event handler() function until proper input validation is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.