PT-2018-6654 · Linux · Linux Kernel

Published 2018-06-12 · Updated 2018-08-01 · CVE-2017-18070

CVSS v2.0: 4.6 Medium

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified)
Description: The issue arises in the wma_ndp_end_response_event_handler() function, where the len_end_rsp variable, a uint32, can overflow if the value of event->num_ndp_end_rsp_per_ndi_list is very large. This overflow can lead to a heap overwrite of the end_rsp heap object. The problem affects all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) that use the Linux Kernel.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
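
The length arithmetic behind this class of bug, as an added example that is not the driver's code: a uint32 length derived from an event-supplied count wraps to a small value, and a bounds check on the count before the multiplication prevents it. The length formula, the three size constants and both function names are assumptions made for illustration; only len_end_rsp and num_ndp_end_rsp_per_ndi_list come from the description.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes for illustration only; the real driver structures differ. */
#define END_RSP_HDR_SIZE   16u   /* hypothetical fixed part of end_rsp */
#define END_RSP_ENTRY_SIZE 12u   /* hypothetical size of one per-NDI entry */
#define MAX_EVENT_PAYLOAD  2048u /* hypothetical cap on one firmware event */

/* Unchecked pattern: the 32-bit product wraps for a very large count, so the
 * result can be far smaller than the data a later per-entry copy would write. */
uint32_t len_end_rsp_unchecked(uint32_t num_ndp_end_rsp_per_ndi_list)
{
    return END_RSP_HDR_SIZE +
           num_ndp_end_rsp_per_ndi_list * END_RSP_ENTRY_SIZE;
}

/* Checked pattern: bound the count by what one event can carry before doing
 * any arithmetic, so the multiplication cannot wrap. */
bool len_end_rsp_checked(uint32_t num_ndp_end_rsp_per_ndi_list,
                         uint32_t *len_end_rsp)
{
    uint32_t max_entries =
        (MAX_EVENT_PAYLOAD - END_RSP_HDR_SIZE) / END_RSP_ENTRY_SIZE;

    if (num_ndp_end_rsp_per_ndi_list > max_entries)
        return false; /* caller drops the event instead of allocating */

    *len_end_rsp = END_RSP_HDR_SIZE +
                   num_ndp_end_rsp_per_ndi_list * END_RSP_ENTRY_SIZE;
    return true;
}

int main(void)
{
    uint32_t num = 0x15555556u; /* constructed count: num * 12 == 2^32 + 8 */
    uint32_t len = 0;

    printf("unchecked: count=%u -> len_end_rsp=%u bytes\n",
           (unsigned)num, (unsigned)len_end_rsp_unchecked(num));
    printf("checked:   count=%u -> %s\n", (unsigned)num,
           len_end_rsp_checked(num, &len) ? "accepted" : "rejected");
    return 0;
}
```

With these assumed sizes the unchecked length for the constructed count is 24 bytes, which is the mismatch between allocation size and written data that the description calls a heap overwrite of end_rsp.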

Buffer Overflow

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2017-18070

Affected Products

Linux Kernel