Integer Overflow Vulnerability in Qualcomm Android Products with CAF and Linux Kernel

Integer Overflow Vulnerability in Qualcomm Android Products with CAF and Linux Kernel

CVE-2017-17764 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.