Undersize Buffer Allocation Vulnerability in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android Releases

Undersize Buffer Allocation Vulnerability in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android Releases

CVE-2017-14896 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory overwrite.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.