exploitDog

CVE-2017-9696

Опубликовано: 16 нояб. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX".

Ссылки

https://source.android.com/security/bulletin/pixel/2017-11-01
Patch
Vendor Advisory
https://source.android.com/security/bulletin/pixel/2017-11-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00117

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-8wh7-jg3h-4f4r

CVSS3: 7.5

github

больше 3 лет назад

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX".

EPSS

Процентиль: 31%

0.00117

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119