CVE-2017-14876 - In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-

CVE-2017-14876

Summary

In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.

References

https://source.android.com/security/bulletin/pixel/2018-02-01
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f26dbd9d9491333766ba383044064b1304127ac0

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 25-04-2018 - 15:02)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://source.android.com/security/bulletin/pixel/2018-02-01
misc	https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f26dbd9d9491333766ba383044064b1304127ac0

Last major update

25-04-2018 - 15:02

Published

30-03-2018 - 21:29

Last modified

25-04-2018 - 15:02