CVE-2017-14888

HIGH

Android - Heap Buffer Overflow via IE Data Copy

Title source: llm
STIX 2.1

Description

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow.

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0018
EPSS Percentile 8.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
google/android
Published Dec 07, 2018
Tracked Since Feb 18, 2026