Integer Overflow and Buffer Overflow Vulnerability in Qualcomm Android Products with CAF and Linux Kernel

CVE-2017-15862 · HIGH Severity

CVSS v2 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.
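The bug class described above, shown as an added example that is not Qualcomm's or CAF's code: an untrusted element count drives 32-bit size arithmetic that wraps, next to a check that validates the count before any allocation or copy. The struct layouts, `MAX_CHANNELS`, and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout for illustration; not the real WMA/firmware structures. */
struct radio_hdr  { uint32_t radio_id; uint32_t num_channels; };
struct chan_stats { uint32_t freq; uint32_t on_time; uint32_t cca_busy_time; };

#define MAX_CHANNELS 64u   /* assumed upper bound for this example */

/* Flawed pattern: the size is computed in 32 bits from an untrusted count,
 * so a large count wraps around to a small allocation size. */
uint32_t unchecked_alloc_size(uint32_t num_channels)
{
    return (uint32_t)sizeof(struct radio_hdr) +
           num_channels * (uint32_t)sizeof(struct chan_stats);
}

/* Hardened pattern: validate the count against a fixed cap and against the
 * bytes actually received before any size arithmetic or copy.
 * Returns 0 and sets *need on success, -1 if the event must be dropped. */
int checked_event_size(const uint8_t *buf, size_t len, size_t *need)
{
    struct radio_hdr hdr;

    if (buf == NULL || need == NULL || len < sizeof(hdr))
        return -1;
    memcpy(&hdr, buf, sizeof(hdr));          /* avoid unaligned access */

    if (hdr.num_channels > MAX_CHANNELS)
        return -1;
    /* Division form cannot overflow, unlike count * element size. */
    if (hdr.num_channels > (len - sizeof(hdr)) / sizeof(struct chan_stats))
        return -1;

    *need = sizeof(hdr) + (size_t)hdr.num_channels * sizeof(struct chan_stats);
    return 0;
}
```

With the unchecked form, a buffer sized from the wrapped value is far smaller than the loop that later walks `num_channels` entries expects, which is the integer overflow followed by buffer overflow the advisory describes.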
