Main Vulnerability Database Vulnerabilities #VU38469

Information disclosure in Google Android - CVE-2017-8269

Published: August 11, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38469

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-8269

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.

How to mitigate CVE-2017-8269

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/99465
https://source.android.com/security/bulletin/2017-07-01
https://source.android.com/security/bulletin/pixel/2018-04-01

Information disclosure in Google Android - CVE-2017-8269

Detailed vulnerability description

How to mitigate CVE-2017-8269

Sources

Please verify you're human