Stack overflow in wifi driver function __wlan_hdd_change_station (CVE-2016-10283)
Release Date:
May 1, 2017
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2017-00033-1
CVE ID(s):
CVE-2016-10283
Summary:
The following security vulnerabilities have been identified:
CVE-2016-10283: A user can supply more than 32 operation classes through the HDD change station command. Because the maximum number of supported channels is 32, the memory copy then overflows the stack.
Access Vector: Local
Security Risk: Medium
Vulnerability: CWE-120 Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’)
Affected Versions:
All Android releases from CAF using the Linux kernel
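The missing length check described in the summary, shown next to a checked version. This is an added example, not code from the driver or from the patches linked in this advisory; every struct, function and macro name in it is hypothetical, and only the limit of 32 comes from the advisory text.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define MAX_OPER_CLASSES 32  /* limit stated in the advisory; name is hypothetical */

struct sta_request {         /* hypothetical: values supplied by the local caller */
    const uint8_t *oper_classes;
    size_t oper_classes_len;
};

struct sta_update {          /* hypothetical: fixed-size copy held on the stack */
    uint8_t oper_classes[MAX_OPER_CLASSES];
    uint8_t oper_classes_len;
};

/* Unchecked pattern (CWE-120): the caller's length drives the copy, so any
 * value above 32 writes past oper_classes. Shown for contrast, never called. */
int change_station_unchecked(const struct sta_request *req, struct sta_update *out)
{
    out->oper_classes_len = (uint8_t)req->oper_classes_len;
    memcpy(out->oper_classes, req->oper_classes, req->oper_classes_len);
    return 0;
}

/* Checked pattern: compare the length with the destination size before the
 * copy and reject the request instead of truncating it. */
int change_station_checked(const struct sta_request *req, struct sta_update *out)
{
    if (req->oper_classes == NULL ||
        req->oper_classes_len > sizeof(out->oper_classes))
        return -EINVAL;              /* out is left untouched on rejection */
    memset(out, 0, sizeof(*out));
    memcpy(out->oper_classes, req->oper_classes, req->oper_classes_len);
    out->oper_classes_len = (uint8_t)req->oper_classes_len;
    return 0;
}

/* Runs the checked path on a constructed request carrying `len` entries. */
int try_request(size_t len, struct sta_update *out)
{
    static const uint8_t constructed[64] = { 81, 115, 121, 124, 125 };
    struct sta_request req = { constructed, len };
    return change_station_checked(&req, out);
}

int main(void)
{
    struct sta_update upd;
    return (try_request(32, &upd) == 0 && try_request(33, &upd) == -EINVAL) ? 0 : 1;
}
```

Rejecting an oversized request, rather than clamping the length to 32, is a choice made for this example.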
Patch:
We advise customers to apply the following patches:
Individual Patches
CVE-2016-10283:
- https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=329e3c01b453fb7d95579955a12119de03a8f66a
- https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d60a5839ba987e2c9d365fef950cae0c9ad11010
Acknowledgement:
This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.
Revisions:
Initial revision
Contact:
security-advisory@quicinc.com