Out of memory and out of bounds vulnerability while handling netlink messages (CVE-2017-0460)

Release Date:

May 1, 2017

Affected Projects:

Android for MSM, Firefox OS for MSM, QRD Android

Advisory ID:

QCIR-2017-00031-1

CVE ID(s):

CVE-2017-0460

Summary:

The following security vulnerabilities have been identified:

CVE-2017-0460: While receiving netlink messages from userspace, an out of memory situation could occur if the incoming netlink message has its pid field set to 0. Similarly, while receiving netlink messages from userspace, an out of bounds vulnerability could occur since boundaries on incoming data were not properly checked.
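
The two checks the summary describes (a non-zero pid and bounds on incoming data), shown as an added userspace illustration; this is not the patch or the affected driver's code. The `nl_hdr` struct mirrors the field layout of `struct nlmsghdr`, while `demo_req`, `check_nl_msg` and `demo` are hypothetical names chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same field layout as struct nlmsghdr in <linux/netlink.h>, redefined so
 * the example builds in userspace without kernel headers. */
struct nl_hdr {
    uint32_t nlmsg_len;  /* total length claimed by sender, header included */
    uint16_t nlmsg_type;
    uint16_t nlmsg_flags;
    uint32_t nlmsg_seq;
    uint32_t nlmsg_pid;  /* sender port id */
};

/* Hypothetical request body; not taken from the affected driver. */
struct demo_req {
    uint32_t data_len;   /* sender-controlled count of bytes used in data[] */
    uint8_t  data[32];
};

enum nl_check { NL_OK, NL_SHORT, NL_BAD_LEN, NL_BAD_PID, NL_BAD_PAYLOAD };

/* Validate a received buffer before any field drives a reply or a copy. */
enum nl_check check_nl_msg(const uint8_t *buf, size_t received, struct demo_req *out)
{
    struct nl_hdr h;
    if (received < sizeof(h)) return NL_SHORT;
    memcpy(&h, buf, sizeof(h));
    if (h.nlmsg_len < sizeof(h) || h.nlmsg_len > received) return NL_BAD_LEN;
    if (h.nlmsg_pid == 0) return NL_BAD_PID;  /* the pid case the advisory names */
    if (h.nlmsg_len - sizeof(h) < sizeof(*out)) return NL_BAD_PAYLOAD;
    memcpy(out, buf + sizeof(h), sizeof(*out));
    if (out->data_len > sizeof(out->data)) return NL_BAD_PAYLOAD;
    return NL_OK;
}

/* Build a constructed message (sample values only) and run the checks on it.
 * `received` must not exceed the 52-byte buffer built here. */
enum nl_check demo(uint32_t claimed_len, uint32_t pid, uint32_t data_len, size_t received)
{
    uint8_t buf[sizeof(struct nl_hdr) + sizeof(struct demo_req)] = {0};
    struct nl_hdr h = { claimed_len, 0x10, 0, 1, pid };
    struct demo_req r = { data_len, {0} };
    struct demo_req out;
    memcpy(buf, &h, sizeof(h));
    memcpy(buf + sizeof(h), &r, sizeof(r));
    return check_nl_msg(buf, received, &out);
}
```

The header length is checked against the bytes actually received before the payload is touched, and the sender-supplied `data_len` is checked against the destination array before it could be used as a copy size.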

Access Vector: Local
Security Risk: Medium

Affected Versions:

All Android releases from CAF using the Linux kernel

Patch:

We advise customers to apply the following patches:

Individual Patches
CVE-2017-0460:

Acknowledgement:

This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com