Main Vulnerability Database Vulnerabilities #VU37305

Input validation error in Google Android - CVE-2017-18147

Published: April 3, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37305

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-18147

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.

How to mitigate CVE-2017-18147

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01

Input validation error in Google Android - CVE-2017-18147

Detailed vulnerability description

How to mitigate CVE-2017-18147

Sources

Please verify you're human