Main Vulnerability Database Vulnerabilities #VU37683

Buffer overflow in Google Android - CVE-2017-14879

Published: January 10, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37683

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-14879

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned resulting in a slab out of bound access in the IPA driver.

How to mitigate CVE-2017-14879

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-01-01

Buffer overflow in Google Android - CVE-2017-14879

Detailed vulnerability description

How to mitigate CVE-2017-14879

Sources

Please verify you're human