Lucene search

[email protected]CVE-2017-14890

HistoryApr 03, 2018 - 5:29 p.m.

CVE-2017-14890

2018-04-0317:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2017-14890

qualcomm

android

msm

firefox os

qrd

caf

linux kernel

security patch

buffer overwrite

wma_send_bcn_buf_ll

swba event

vulnerability

nvd

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

8.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

30.9%

JSON

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly validated leading to a potential buffer overwrite in function wma_send_bcn_buf_ll().

CPENameOperatorVersion
google:androidgoogle androideq-

CPE	Name	Operator	Version
google:android	google android	eq	-

References

source.android.com/security/bulletin/pixel/2018-04-01

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

8.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

30.9%

JSON

Related for CVE-2017-14890

prion1 androidsecurity1