CVE-2017-18060

Name of the Vulnerable Software and Affected Versions: Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description: The issue is related to improper input validation for resp event->vdev id in the wma unified bcntx status event handler() function, which can lead to a potential out of bounds memory read. This occurs because the input is received from firmware.

Recommendations: For Android for MSM, ensure proper validation of the resp event->vdev id variable in the wma unified bcntx status event handler() function to prevent out of bounds memory access. For Firefox OS for MSM, consider implementing input validation for resp event->vdev id in the wma unified bcntx status event handler() function as a mitigation measure. For QRD Android, restrict access to the wma unified bcntx status event handler() function until proper input validation for resp event->vdev id is implemented.