The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: qualcomm
Published: 2018-06-12T20:00:00Z
Updated: 2024-09-17T02:11:43.560Z
Reserved: 2017-10-24T00:00:00
Link: CVE-2017-15854
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-06-12T20:29:00.313
Modified: 2018-08-01T13:34:13.137
Link: CVE-2017-15854
Redhat
No data.