PT-2018-6566 · Qualcomm+2 · Qualcomm Products+2

Published

2018-02-23

Updated

2018-03-12

CVE-2017-17764

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified)

Description: The issue arises from the improper validation of the num failure info value from firmware in the wma rx aggr failure event handler() function, potentially leading to an integer overflow vulnerability in a buffer size calculation. This could result in a buffer overflow.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2017-17764

Affected Products

Android

Linux Kernel

Qualcomm Products

PT-2018-6566 · Qualcomm+2 · Qualcomm Products+2

CVE-2017-17764

Weakness Enumeration

Related Identifiers

Affected Products

References · 3