NVD Vulnerability Detail

CVE-2017-18052

Summary	In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read.
Publication Date	March 17, 2018, 7:29 a.m.
Registration Date	Jan. 26, 2021, 1:20 p.m.
Last Update	Nov. 21, 2024, 12:19 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:google:android:-:::::::*

Related information, measures and tools

No	URL	タグ
1	https://source.android.com/security/bulletin/pixel/2018-03-01	Vendor Advisory
2	https://source.android.com/security/bulletin/pixel/2018-03-01	Vendor Advisory
3	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd	Patch Third Party Advisory
4	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd	Patch Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html
2	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html

JVN Vulnerability Information

Android における境界外読み取りに関する脆弱性

Title	Android における境界外読み取りに関する脆弱性
Summary	Android には、境界外読み取りに関する脆弱性、および入力確認に関する脆弱性が存在します。
Possible impacts	情報を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 31, 2017, midnight
Registration Date	May 1, 2018, 1:56 p.m.
Last Update	May 1, 2018, 1:56 p.m.

Affected System

Google

Android

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-18052	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18052
National Vulnerability Database (NVD)
2	CVE-2017-18052	https://nvd.nist.gov/vuln/detail/CVE-2017-18052

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html
2	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Android Open Source Project
1	Pixel/Nexus のセキュリティに関する公開情報 - 2018 年 3 月	https://source.android.com/security/bulletin/pixel/2018-03-01
Code Aurora Forum
2	qcacld-3.0: Fix OOB read in wma_mgmt_tx_bundle_completion_handler	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c04c4870bd86a5f878553d7acf207388f3d6c3bd

Change Log

No	Changed Details	Date of change
1	[2018年05月01日] 掲載	May 1, 2018, 1:56 p.m.