Out of memory and out of bounds vulnerability while handling netlink messages (CVE-2017-0460)
Release Date:
May 1, 2017
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2017-00031-1
CVE ID(s):
CVE-2017-0460
Summary:
The following security vulnerabilities have been identified:
CVE-2017-0460: While receiving netlink messages from userspace, an out of memory situation could occur if the incoming netlink message has its pid field set to 0. Similarly, while receiving netlink messages from userspace, an out of bounds vulnerability could occur because boundaries on incoming data were not properly checked.
Access Vector: Local
Security Risk: Medium
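The two conditions in the summary (a pid field of 0 and unchecked bounds on incoming data) correspond to checks a receiver can make before it touches the payload. The following is an added illustration, not the code from the patches listed in this advisory: `msg_hdr` mirrors the layout of `struct nlmsghdr`, while `demo_req`, `validate_msg`, `build_msg` and the return codes are hypothetical names, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Mirrors the field layout of struct nlmsghdr from <linux/netlink.h>. */
struct msg_hdr {
    uint32_t len;   /* total length, header included */
    uint16_t type;
    uint16_t flags;
    uint32_t seq;
    uint32_t pid;   /* sender port id */
};

/* Hypothetical fixed-size request carried as the payload. */
struct demo_req { uint32_t cmd; uint32_t value; };

enum { MSG_OK = 0, MSG_SHORT = -1, MSG_BAD_LEN = -2, MSG_BAD_PID = -3 };

/* Validate one message in buf[0..buf_len) before reading its payload. */
int validate_msg(const uint8_t *buf, size_t buf_len, struct demo_req *out)
{
    struct msg_hdr hdr;

    if (buf == NULL || buf_len < sizeof(hdr))
        return MSG_SHORT;
    memcpy(&hdr, buf, sizeof(hdr));   /* copy out: buf may be unaligned */

    /* The claimed length must cover header plus payload and must not
     * exceed the bytes actually received. */
    if (hdr.len < sizeof(hdr) + sizeof(*out) || hdr.len > buf_len)
        return MSG_BAD_LEN;

    /* pid 0 is the trigger named in the advisory; refuse it. */
    if (hdr.pid == 0)
        return MSG_BAD_PID;

    memcpy(out, buf + sizeof(hdr), sizeof(*out));
    return MSG_OK;
}

/* Build a constructed sample message; returns the bytes written. */
size_t build_msg(uint8_t *buf, uint32_t claimed_len, uint32_t pid)
{
    struct msg_hdr hdr = { claimed_len, 0x10, 0, 1, pid };
    struct demo_req req = { 7, 42 };
    memcpy(buf, &hdr, sizeof(hdr));
    memcpy(buf + sizeof(hdr), &req, sizeof(req));
    return sizeof(hdr) + sizeof(req);
}
```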
Affected Versions:
All Android releases from CAF using the Linux kernel
Patch:
We advise customers to apply the following patches:
Individual Patches
CVE-2017-0460:
- https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=93dd37c412dbadff9d5b1b6f7b317713192cab2b
- https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=8e2e23126709ebffa1bd91e1a6ac77e16714d852
- https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=85cccedb0cae0331228cc58fa91d31810018df98
Acknowledgement:
This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.
Revisions:
Initial revision
Contact:
security-advisory@quicinc.com