CVE-2017-11027

HIGH

Android for MSM - Uninitialized Data Access via UBI Image Flashing

Title source: llm
STIX 2.1

Description

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing unintialized data access vulnerability.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/pixel/2017-11-01

Scores

CVSS v3 7.8
EPSS 0.0002
EPSS Percentile 4.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
google/android
Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Android All Android releases from CAF using the Linux kernel
Published Nov 16, 2017
Tracked Since Feb 18, 2026