In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned resulting in a slab out of bound access in the IPA driver.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/pixel/2018-01-01 | Patch Vendor Advisory |
Configurations
Information
Published : 2018-01-10 14:29
Updated : 2018-01-26 04:34
NVD link : CVE-2017-14879
Mitre link : CVE-2017-14879
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
- android