SB2017030825 - Input validation error in Linux kernel
Published: March 8, 2017 Updated: August 8, 2020
Security Bulletin ID
SB2017030825
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2017-0464)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32940193. References: QC-CR#1102593.
Remediation
Install update from vendor's website.
References
- http://www.securityfocus.com/bid/96735
- http://www.securitytracker.com/id/1037968
- https://source.android.com/security/bulletin/2017-03-01
- https://source.android.com/security/bulletin/2017-03-01.html
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f