Integer overflow vulnerability in QCE driver (CVE-2016-8418)
Release Date:
February 14, 2017
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2017-00006-1
CVE ID(s):
CVE-2016-8418
Summary:
The following security vulnerability has been identified:
CVE-2016-8418: While calculating the total AEAD request length in the function qce_aead_req, an integer overflow occurs if the total AEAD request length is larger than UINT32_MAX, because the error condition check uses ULONG_MAX.
Access Vector: Network
Security Risk: Critical
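The check described in the summary, modelled in C as an added example; this is not the QCE driver's code or the patch. The function and parameter names are hypothetical, the lengths are constructed, and a 64-bit kernel is assumed, where unsigned long is 64 bits wide.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 64-bit kernel, so unsigned long is 64 bits wide and
 * ULONG_MAX equals UINT64_MAX. All names here are hypothetical. */
#define MODEL_ULONG_MAX UINT64_MAX

/* Sum three 32-bit lengths in 64 bits, reject totals above `limit`,
 * then store the result in a 32-bit field. */
static int total_len(uint32_t assoclen, uint32_t ivsize, uint32_t cryptlen,
                     uint64_t limit, uint32_t *total)
{
    uint64_t sum = (uint64_t)assoclen + ivsize + cryptlen;

    if (sum > limit)
        return -1;
    *total = (uint32_t)sum;   /* truncates modulo 2^32 if sum > UINT32_MAX */
    return 0;
}

/* Weak check: the bound is ULONG_MAX, which three 32-bit values can never
 * exceed, so totals above UINT32_MAX pass and are truncated. */
static int total_len_weak(uint32_t a, uint32_t iv, uint32_t c, uint32_t *t)
{
    return total_len(a, iv, c, MODEL_ULONG_MAX, t);
}

/* Corrected check: the bound matches the width of the destination. */
static int total_len_checked(uint32_t a, uint32_t iv, uint32_t c, uint32_t *t)
{
    return total_len(a, iv, c, UINT32_MAX, t);
}

int main(void)
{
    /* Constructed lengths whose true total is 2^32 + 0x1f. */
    uint32_t total = 0;
    int rc = total_len_weak(0x20, 0x10, 0xffffffefu, &total);
    printf("weak:    rc=%d total=0x%x\n", rc, (unsigned)total);

    total = 0;
    rc = total_len_checked(0x20, 0x10, 0xffffffefu, &total);
    printf("checked: rc=%d total=0x%x\n", rc, (unsigned)total);
    return 0;
}
```

With the weak bound the request is accepted and the stored length is 0x1f instead of the true total, so any buffer sizing that relies on the stored value is too small; with the UINT32_MAX bound the same request is rejected.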
Affected Versions:
All Android releases from CAF using the Linux kernel.
Patch:
We advise customers to apply the following patches:
Individual Patches
- CVE-2016-8418: https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=59bfa8e15f1937fd73b82ad85d6d75a28a2aa4b2
Acknowledgement:
This issue was reported by an external security researcher, Seven Shen of Trend Micro Mobile Threat Research Team. Qualcomm Innovation Center, Inc. (QuIC) thanks Seven for bringing this issue to QuIC's attention.
Revisions:
Initial revision