Main Vulnerability Database Vulnerabilities #VU36648

Integer overflow in Google Android - CVE-2017-15828

Published: September 18, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36648

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-15828

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow.

How to mitigate CVE-2017-15828

Install update from vendor's website.

Sources

https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=86ea9e5dd16d918f8960067157012cc15176f82f
https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin

Integer overflow in Google Android - CVE-2017-15828

Detailed vulnerability description

How to mitigate CVE-2017-15828

Sources

Please verify you're human