#VU37922 Input validation error in Google Android - CVE-2017-11073
Published: November 16, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU37922
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-11073
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a local authenticated user to execute arbitrary code.
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space.
Remediation
Install update from vendor's website.