7.8

CVE-2017-14889

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.097
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://source.android.com/security/bulletin/pixel/2018-03-01
Vendor Advisory
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755
Patch
Third Party Advisory