CVE-2017-18053

Name of the Vulnerable Software and Affected Versions: Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description: The issue is related to improper input validation for fix param->vdev id in the wma p2p lo event handler() function, which can lead to a potential out of bounds memory read. This occurs because the input is received from firmware.

Recommendations: For Android for MSM, ensure proper validation of the fix param->vdev id variable in the wma p2p lo event handler() function to prevent out of bounds memory access. For Firefox OS for MSM, consider restricting access to the wma p2p lo event handler() function until proper input validation is implemented. For QRD Android, as a temporary workaround, consider disabling the wma p2p lo event handler() function until a fix is available.