Main Vulnerability Database Vulnerabilities #VU37948

Buffer overflow in Google Android - CVE-2017-11029

Published: November 16, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37948

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-11029

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.

How to mitigate CVE-2017-11029

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2017-11-01

Buffer overflow in Google Android - CVE-2017-11029

Detailed vulnerability description

How to mitigate CVE-2017-11029

Sources

Please verify you're human