CVE-2017-11014

HIGH

Android for MSM - Buffer Overflow in Roam Neighbor Action Report Measurement Request IE Parser

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11014. PoCs published by ScottyBauer.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2017-11014, which targets a vulnerability in Android's WiFi stack. The code sets up a fake access point to trigger the vulnerability, demonstrating the attack vector.

Description

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur.

Exploits (1)

github WORKING POC 682 stars
by ScottyBauer · cpoc
https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/tree/master/wifi/CVE-2017-11014.c

This repository contains a functional proof-of-concept exploit for CVE-2017-11014, which targets a vulnerability in Android's WiFi stack. The code sets up a fake access point to trigger the vulnerability, demonstrating the attack vector.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Android Kernel (WiFi stack)
No auth needed
Prerequisites: Wireless interface in monitor mode · Proximity to target device
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101774
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-11-01

Scores

CVSS v3 7.8
EPSS 0.0060
EPSS Percentile 43.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (2)
google/android
Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Android All Android releases from CAF using the Linux kernel
Published Nov 16, 2017
Tracked Since Feb 18, 2026