CVE-2017-14883

CRITICAL

Android <2017-10-18 - Buffer Overflow

Title source: llm
STIX 2.1

Description

In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer.

Scores

CVSS v3 9.8
EPSS 0.0070
EPSS Percentile 48.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
google/android
Published Mar 30, 2018
Tracked Since Feb 18, 2026