Vulnerability Details CVE-2017-18057
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://source.android.com/security/bulletin/pixel/2018-03-01
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b
- https://source.android.com/security/bulletin/pixel/2018-03-01
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24d41d2bd3d98325b3800345f4ba27a334b3894b