CVE-2017-14889

Published: Mar 16, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler.

Affected (1)

Products: Google: Android

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

https://source.android.com/security/bulletin/pixel/2018-03-01

Source: product-security@qualcomm.com

Vendor Advisory

https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755

Source: product-security@qualcomm.com

PatchThird Party Advisory

https://source.android.com/security/bulletin/pixel/2018-03-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.