Main Vulnerability Database SB2017040845

SB2017040845 - Out-of-bounds write in Linux kernel

Published: April 8, 2017 Updated: August 9, 2020

Security Bulletin ID SB2017040845

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2017-0561)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.

Remediation

Install update from vendor's website.

References

http://www.securityfocus.com/bid/97367
http://www.securitytracker.com/id/1038201
https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
https://source.android.com/security/bulletin/2017-04-01
https://www.exploit-db.com/exploits/41805/
https://www.exploit-db.com/exploits/41806/