FKIE_CVE-2017-14894

Vulnerability from fkie_nvd - Published: 2018-04-03 17:29 - Updated: 2024-11-21 03:13
Severity ?
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. This vdev id can be greater than max bssid stored in wma handle and this would result in buffer overwrite while accessing wma_handle->interfaces[vdev_id].
References
product-security@qualcomm.comhttps://source.android.com/security/bulletin/pixel/2018-04-01Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://source.android.com/security/bulletin/pixel/2018-04-01Vendor Advisory
Impacted products
Vendor Product Version
google android -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. This vdev id can be greater than max bssid stored in wma handle and this would result in buffer overwrite while accessing wma_handle-\u003einterfaces[vdev_id]."
    },
    {
      "lang": "es",
      "value": "En Qualcomm Android for MSM, Firefox OS for MSM, QRD Android, con todas las distribuciones de Android de CAF que utilizan el kernel de Linux antes del parche de seguridad nivel 2018-04-05, en wma_vdev_start_resp_handler(), vdev id se recibe del firmware como parte de WMI_VDEV_START_RESP_EVENTID. Este vdev id puede ser m\u00e1s grande que el bssid m\u00e1ximo almacenado en wma handle, lo que resultar\u00eda en una sobrescritura de b\u00fafer al acceder a wma_handle-\u003einterfaces[vdev_id]."
    }
  ],
  "id": "CVE-2017-14894",
  "lastModified": "2024-11-21T03:13:42.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-03T17:29:00.380",
  "references": [
    {
      "source": "product-security@qualcomm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
    }
  ],
  "sourceIdentifier": "product-security@qualcomm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.