Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-15836 |
CWE-ID | CWE-190 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Google Android Operating systems & Components / Operating system |
Vendor |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU37301
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-15836
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: All versions
External linkshttp://source.android.com/security/bulletin/pixel/2018-04-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.