Integer overflow vulnerability in QCE driver (CVE-2016-8418)

Release Date:

February 14, 2017

Affected Projects:

Android for MSMFirefox OS for MSMQRD Android

Advisory ID:

QCIR-2017-00006-1

CVE ID(s):

CVE-2016-8418

Summary:

The following security vulnerabilities have been identified: CVE-2016-8418 While calculating total aead req length in function qce_aead_req, integer overflow occurs if total aead reg length is larger than UINT32_MAX as the error condition check is using ULONG_MAX.

Access Vector: Network
Security Risk: Critical
Access Vector: Network

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

We advise customers to apply the following patches:

Individual Patches

Acknowledgement:

This issue was reported by an external security researcher, Seven Shen of Trend Micro Mobile Threat Research Team. Qualcomm Innovation Center, Inc. (QuIC) thanks Seven for bringing this issue to QuIC's attention.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com