PT-2018-6646 · Mozilla+1 · Firefox Os+1

Published

2018-03-16

Updated

2018-04-04

CVE-2017-18057

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description: The issue is related to improper input validation for vdev id in the wma nlo scan cmp evt handler() function, which receives input from firmware. This can lead to a potential out of bounds memory read.

Recommendations: For Android for MSM, ensure proper validation of vdev id in the wma nlo scan cmp evt handler() function to prevent out of bounds memory read. For Firefox OS for MSM, restrict access to the wma nlo scan cmp evt handler() function until a proper fix is applied. For QRD Android, consider disabling the wma nlo scan cmp evt handler() function as a temporary workaround until a patch is available.

Fix

RCE

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-125

Related Identifiers

CVE-2017-18057

Affected Products

Android

Firefox Os

PT-2018-6646 · Mozilla+1 · Firefox Os+1

CVE-2017-18057

Weakness Enumeration

Related Identifiers

Affected Products

References · 3