Integer overflow vulnerability in QCE driver (CVE-2016-8418)

Release Date:

February 14, 2017

Affected Projects:

Android for MSM Firefox OS for MSM QRD Android

Advisory ID:

QCIR-2017-00006-1

CVE ID(s):

CVE-2016-8418

Summary:

The following security vulnerabilities have been identified: CVE-2016-8418 While calculating total aead req length in function qce_aead_req, integer overflow occurs if total aead reg length is larger than UINT32_MAX as the error condition check is using ULONG_MAX.

Access Vector: Network

Security Risk: Critical

Access Vector: Network

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

We advise customers to apply the following patches:

Individual Patches

CVE-2016-8418: https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=59bfa8e15f1937fd73b82ad85d6d75a28a2aa4b2

Acknowledgement:

This issue was reported by an external security researcher, Seven Shen of Trend Micro Mobile Threat Research Team. Qualcomm Innovation Center, Inc. (QuIC) thanks Seven for bringing this issue to QuIC's attention.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com