Main Vulnerability Database Vulnerabilities #VU38111

Information disclosure in Google Android - CVE-2017-11051

Published: October 10, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38111

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-11051

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero.

How to mitigate CVE-2017-11051

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/101160
https://source.android.com/security/bulletin/pixel/2017-10-01

Information disclosure in Google Android - CVE-2017-11051

Detailed vulnerability description

How to mitigate CVE-2017-11051

Sources

Please verify you're human