SB2018120738 - Infinite loop in Google, Google Android
Published: December 7, 2018 Updated: August 8, 2020
Security Bulletin ID
SB2018120738
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2017-15835)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.
Remediation
Install update from vendor's website.