Main Vulnerability Database Vulnerabilities #VU37947

Information disclosure in Google Android - CVE-2017-11028

Published: November 16, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37947

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-11028

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data().

How to mitigate CVE-2017-11028

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/101774
https://source.android.com/security/bulletin/2017-11-01

Information disclosure in Google Android - CVE-2017-11028

Detailed vulnerability description

How to mitigate CVE-2017-11028

Sources

Please verify you're human