Integer overflow in Google Android - CVE-2017-17765

 


Published: February 24, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37497
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-17765
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() before they are used to compute the sizes of allocated buffers. The size computation may therefore be vulnerable to an integer overflow that leads to a buffer overflow.
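The bug class described above, shown as an added example that is not the Qualcomm driver's code: a length built from several firmware-reported values wraps in 32-bit arithmetic, next to a version that bounds each value and checks the multiplication. The struct, its fields, the limits and the function names are hypothetical; `__builtin_mul_overflow` is the GCC/Clang builtin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical header reported by firmware; not the real driver layout. */
struct fw_stats_hdr {
    uint32_t num_peers;   /* untrusted: number of peer records */
    uint32_t num_ac;      /* untrusted: entries per peer */
    uint32_t entry_size;  /* untrusted: bytes per entry */
};

/* Assumed upper bounds for this example only. */
#define MAX_PEERS 64u
#define MAX_AC    4u
#define MAX_ENTRY 256u

/* Unchecked pattern: the 32-bit product can wrap, so a buffer allocated
 * with this length is smaller than the data later copied into it. */
uint32_t unchecked_len(const struct fw_stats_hdr *h)
{
    return h->num_peers * h->num_ac * h->entry_size;
}

/* Checked pattern: bound every field first, then multiply in size_t with
 * overflow detection. Returns 0 and stores the length in *out on success. */
int checked_len(const struct fw_stats_hdr *h, size_t *out)
{
    size_t n, len;

    if (h->num_peers == 0 || h->num_peers > MAX_PEERS ||
        h->num_ac == 0 || h->num_ac > MAX_AC ||
        h->entry_size == 0 || h->entry_size > MAX_ENTRY)
        return -1;
    if (__builtin_mul_overflow((size_t)h->num_peers, (size_t)h->num_ac, &n) ||
        __builtin_mul_overflow(n, (size_t)h->entry_size, &len))
        return -1;
    *out = len;
    return 0;
}

/* Allocate only after validation; NULL means the header was rejected
 * or the allocation failed. */
void *alloc_stats_buf(const struct fw_stats_hdr *h, size_t *len)
{
    return checked_len(h, len) == 0 ? calloc(1, *len) : NULL;
}
```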


How to mitigate CVE-2017-17765

Install the update from the vendor's website.
