Buffer overflow in Google Android - CVE-2017-18061

 

Buffer overflow in Google Android - CVE-2017-18061

Published: March 16, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37411
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-18061
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG firmware in wil_aoa_evt_meas().


How to mitigate CVE-2017-18061

Install update from vendor's website.

Sources