SB2017030879 - Information disclosure in Linux kernel
Published: March 8, 2017 Updated: August 8, 2020
Security Bulletin ID
SB2017030879
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2017-0461)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32073794. References: QC-CR#1100132.
Remediation
Install update from vendor's website.
References
- http://www.securityfocus.com/bid/96743
- http://www.securitytracker.com/id/1037968
- https://source.android.com/security/bulletin/2017-03-01
- https://source.android.com/security/bulletin/2017-03-01.html
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65