In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX".
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/pixel/2017-11-01 | Patch Vendor Advisory |
Configurations
Information
Published : 2017-11-16 14:29
Updated : 2019-10-02 17:03
NVD link : CVE-2017-9696
Mitre link : CVE-2017-9696
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
- android