Main Vulnerability Database Vulnerabilities #VU37301

Integer overflow in Google Android - CVE-2017-15836

Published: April 3, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37301

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-15836

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow.

How to mitigate CVE-2017-15836

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-04-01

Integer overflow in Google Android - CVE-2017-15836

Detailed vulnerability description

How to mitigate CVE-2017-15836

Sources

Please verify you're human