CVE-2017-13292 - In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bo

CVE-2017-13292

Summary

In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201.

References

https://source.android.com/security/bulletin/2018-04-01

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 10-05-2018 - 16:16)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm

https://source.android.com/security/bulletin/2018-04-01

Last major update

10-05-2018 - 16:16

Published

04-04-2018 - 16:29

Last modified

10-05-2018 - 16:16