Main Vulnerability Database Vulnerabilities #VU37401

Out-of-bounds read in Google Android - CVE-2017-18050

Published: March 16, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37401

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-18050

CWE-ID: CWE-125

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which is received from firmware, leads to potential buffer overwrite and out of bounds memory read.

How to mitigate CVE-2017-18050

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-03-01
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=63b57442d65dfdb4b4634ff32059b1bca8c72fb7

Out-of-bounds read in Google Android - CVE-2017-18050

Detailed vulnerability description

How to mitigate CVE-2017-18050

Sources

Please verify you're human