Main Vulnerability Database Vulnerabilities #VU38470

Out-of-bounds write in Google Android - CVE-2017-8271

Published: August 11, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38470

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-8271

CWE-ID: CWE-787

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter.

How to mitigate CVE-2017-8271

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/99465
https://source.android.com/security/bulletin/2017-07-01

Out-of-bounds write in Google Android - CVE-2017-8271

Detailed vulnerability description

How to mitigate CVE-2017-8271

Sources

Please verify you're human