Integer Overflow Vulnerability in Qualcomm Android Products with CAF and Linux Kernel

Integer Overflow Vulnerability in Qualcomm Android Products with CAF and Linux Kernel

CVE-2017-17765 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.