PT-2018-6647 · Mozilla+2 · Firefox Os+2
Published
2018-03-16
·
Updated
2018-04-04
·
CVE-2017-18058
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Android for MSM versions (affected versions not specified)
Firefox OS for MSM versions (affected versions not specified)
QRD Android versions (affected versions not specified)
Description:
The issue is related to improper input validation for
wow buf pkt len in wma wow wakeup host event(), which is received from firmware, leading to a potential out of bounds memory read. This affects Android releases from CAF using the Linux kernel.Recommendations:
For Android for MSM, update to a version that includes input validation for
wow buf pkt len in wma wow wakeup host event().
For Firefox OS for MSM, update to a version that includes input validation for wow buf pkt len in wma wow wakeup host event().
For QRD Android, update to a version that includes input validation for wow buf pkt len in wma wow wakeup host event().Fix
RCE
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Android
Firefox Os
Qrd Android