CVE-2017-11089

Advisory lineage Upstream: 0 Downstream: 5

Downstream

DEBIAN-CVE-2017-11089 SUSE-SU-2018:1220-1 SUSE-SU-2018:1221-1 UBUNTU-CVE-2017-11089 USN-3620-1

Modified

Published: 16 Nov 2017, 22:00

Last modified:16 Sept 2024, 21:03

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.0 (nvd)

EPSS Score

0.64% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 Nov 2017, 22:00

Published

Vulnerability first disclosed

16 Sept 2024, 21:03

Last Modified

Vulnerability information updated

Description

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes

CVSS Metrics

v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.64%• Percentile: 71%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

google•android
na
qualcomm, inc.•android for msm, firefox os for msm, qrd android
All Android releases from CAF using the Linux kernel