Out-of-bounds read in Google Android - CVE-2017-9717
Published: October 10, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU38107
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-9717
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur.
How to mitigate CVE-2017-9717
Install update from vendor's website.