SB2017101063 - Out-of-bounds read in Google, Google Android

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017101063

SB2017101063 - Out-of-bounds read in Google, Google Android

Published: October 10, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017101063
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Out-of-bounds read (CVE-ID: CVE-2017-11064)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively. Android ID: A-36815952. References: QC-CR#2054770, QC-CR#2058447, QC-CR#2066628, QC-CR#2087785


Remediation

Install update from vendor's website.

References