PT-2018-6645 · Mozilla+1 · Firefox Os+1
Published
2018-03-16
·
Updated
2018-04-04
·
CVE-2017-18055
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Android for MSM versions (affected versions not specified)
Firefox OS for MSM versions (affected versions not specified)
QRD Android versions (affected versions not specified)
Description:
The issue arises from improper input validation for
wmi event->num vdev mac entries in the wma pdev set hw mode resp evt handler() function, which receives data from firmware, potentially leading to a buffer overflow.Recommendations:
For Android for MSM, ensure proper validation of
wmi event->num vdev mac entries to prevent buffer overflow.
For Firefox OS for MSM, consider implementing input validation for wmi event->num vdev mac entries in the wma pdev set hw mode resp evt handler() function as a mitigation measure.
For QRD Android, restrict access to the wma pdev set hw mode resp evt handler() function until proper input validation for wmi event->num vdev mac entries is implemented.Fix
RCE
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Android
Firefox Os