CVE-2017-11035

Published: Nov 16, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size.

Affected (1)

Products: Google: Android

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

https://source.android.com/security/bulletin/pixel/2017-11-01

Source: product-security@qualcomm.com

PatchVendor Advisory

https://source.android.com/security/bulletin/pixel/2018-01-01

Source: product-security@qualcomm.com

https://source.android.com/security/bulletin/pixel/2017-11-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://source.android.com/security/bulletin/pixel/2018-01-01

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.