ID CVE-2017-15861
Summary In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.
References
Vulnerable Configurations
  • Google Android Operating System
    cpe:2.3:o:google:android
CVSS
Base: 7.2
Impact:
Exploitability:
CWE CWE-129
CAPEC
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
refmap via4
confirm https://source.android.com/security/bulletin/2018-02-01
Last major update 23-02-2018 - 18:29
Published 23-02-2018 - 18:29
Last modified 12-03-2018 - 12:47
Back to Top