CVE-2017-8256

HIGH

Qualcomm Android CAF - Out-of-bounds Read via Multicast Address Handling

Title source: llm
STIX 2.1

Description

In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-07-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99465

Scores

CVSS v3 7.8
EPSS 0.0036
EPSS Percentile 27.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (2)
google/android
Qualcomm, Inc./All Qualcomm products All Android releases from CAF using the Linux kernel
Published Aug 18, 2017
Tracked Since Feb 18, 2026