Main Vulnerability Database Vulnerabilities #VU37819

Buffer overflow in Google Android - CVE-2017-14897

Published: December 5, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37819

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-14897

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space.

How to mitigate CVE-2017-14897

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/102073
https://source.android.com/security/bulletin/2017-12-01

Buffer overflow in Google Android - CVE-2017-14897

Detailed vulnerability description

How to mitigate CVE-2017-14897

Sources

Please verify you're human