Memory overflow in wifi driver function hdd_extscan_epno_fill_network_list (CVE-2016-8419)

Release Date:

February 14, 2017

Affected Projects:

Android for MSMFirefox OS for MSMQRD Android

Advisory ID:

QCIR-2017-00009-1

CVE ID(s):

CVE-2016-8419

Summary:

The following security vulnerabilities have been identified: CVE-2016-8419 Currently there is a single wlan_hdd_extscan_config_policy which contains entries for both EXTSCAN and PNO attributes. However the EXTSCAN and PNO attributes have separate and overlapping assignments. Therefore one policy cannot be used by both types of commands. In addition, when parsing nested PNO attributes the policy is not used, and hence no checking is performed on the nested data. This can result in a buffer overflow.

Access Vector: Local

Security Risk: Medium

Access Vector: Local

Affected Versions:

All Android releases from CAF using the Linux kernel.

Patch:

We advise customers to apply the following patches:

Individual Patches

• CVE-2016-8419: https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=3f8c5e23045cfcc3665f5b1602a53faeb1b885be

Acknowledgement:

This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.

Revisions:

Initial

Contact: