Описание
In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access.
Ссылки
- PatchVendor Advisory
- Patch
- PatchThird Party Advisory
- PatchVendor Advisory
- Patch
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00068
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-125
Связанные уязвимости
CVSS3: 5.5
github
больше 3 лет назад
In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access.
EPSS
Процентиль: 21%
0.00068
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-125