In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2018-04-01 | Vendor Advisory |
http://www.securityfocus.com/bid/103671 | Third Party Advisory VDB Entry |
Information
Published : 2018-04-18 07:29
Updated : 2018-05-09 10:16
NVD link : CVE-2014-9995
Mitre link : CVE-2014-9995
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
qualcomm
- sd_800
- sd_400_firmware
- sd_800_firmware
- sd_400