PT-2018-6652 · Mozilla+1 · Firefox Os+1
Published
2018-03-16
·
Updated
2018-04-04
·
CVE-2017-18065
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Android for MSM versions (affected versions not specified)
Firefox OS for MSM versions (affected versions not specified)
QRD Android versions (affected versions not specified)
Description:
The issue is related to improper input validation for
vent->vdev id in the wma action frame filter mac event handler() function, which receives input from firmware. This leads to arbitrary code execution.Recommendations:
For Android for MSM, ensure proper input validation is implemented for
vent->vdev id in the wma action frame filter mac event handler() function to prevent arbitrary code execution.
For Firefox OS for MSM, ensure proper input validation is implemented for vent->vdev id in the wma action frame filter mac event handler() function to prevent arbitrary code execution.
For QRD Android, ensure proper input validation is implemented for vent->vdev id in the wma action frame filter mac event handler() function to prevent arbitrary code execution.Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Firefox Os