2 matches found
CVE-2017-15854
The value of fixparam-numchans is received from firmware and if it is too large, an integer overflow can occur in wmaradiochanstatseventhandler for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF Android for MSM, Firefox OS for MSM, QRD Android usin...
CVE-2017-15854
CVE-2017-15854 concerns a local vulnerability in Qualcomm WLAN firmware used on Android CAF builds (Android for MSM, Firefox OS for MSM, QRD Android). The issue arises when fix_param->num_chans from firmware is too large, causing an integer overflow in wma_radio_chan_stats_event_handler() for ...