In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8974, lack of length checking in OEMCrypto_DeriveKeysFromSessionKey() could lead to a buffer overflow vulnerability.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2018-04-01 | Vendor Advisory |
http://www.securityfocus.com/bid/103671 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2018-04-18 07:29
Updated : 2018-05-09 08:26
NVD link : CVE-2015-9179
Mitre link : CVE-2015-9179
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
qualcomm
- msm8974
- msm8974_firmware