Main Vulnerability Database Vulnerabilities #VU37857

Buffer overflow in Google Android - CVE-2017-9698

Published: December 5, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37857

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-9698

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory. The combined pointer will overflow and possibly pass further checks intended to avoid accessing unintended memory.

How to mitigate CVE-2017-9698

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2017-12-01

Buffer overflow in Google Android - CVE-2017-9698

Detailed vulnerability description

How to mitigate CVE-2017-9698

Sources

Please verify you're human