ID CVE-2017-13217
Summary In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077.
References
Vulnerable Configurations
  • Google Android Operating System
    cpe:2.3:o:google:android
CVSS
Base: 7.2
Impact:
Exploitability:
CWE CWE-787
CAPEC
refmap via4
bid 102423
confirm https://source.android.com/security/bulletin/2018-01-01
sectrack 1040106
Last major update 12-01-2018 - 18:29
Published 12-01-2018 - 18:29
Last modified 30-01-2018 - 14:43
Back to Top