Main Vulnerability Database Vulnerabilities #VU37303

Out-of-bounds read in Google Android - CVE-2017-15853

Published: April 3, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37303

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-15853

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur.

How to mitigate CVE-2017-15853

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-04-01

Out-of-bounds read in Google Android - CVE-2017-15853

Detailed vulnerability description

How to mitigate CVE-2017-15853

Sources

Please verify you're human