Main Vulnerability Database Vulnerabilities #VU37424

Out-of-bounds read in Google Android - CVE-2017-18056

Published: March 15, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37424

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-18056

CWE-ID: CWE-125

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory read.

How to mitigate CVE-2017-18056

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/103254
https://source.android.com/security/bulletin/2018-03-01

Out-of-bounds read in Google Android - CVE-2017-18056

Detailed vulnerability description

How to mitigate CVE-2017-18056

Sources

Please verify you're human