Vulnerability Details CVE-2017-15854
The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References