Описание
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- PatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
7.8 High
CVSS2
Дефекты
Связанные уязвимости
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access.
Уязвимость функции lim_process_action_vendor_specific компонента WLAN операционной системы Android из репозитория CAF, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
7.5 High
CVSS3
7.8 High
CVSS2