CVE-2017-11090 : What You Need to Know

Learn about CVE-2017-11090 affecting Android for MSM, Firefox OS for MSM, QRD Android, and CAF releases. Find out the impact, affected systems, and mitigation steps.

Android for MSM, Firefox OS for MSM, QRD Android, and any Android release from CAF using the Linux kernel are affected by a buffer overread vulnerability.

Understanding CVE-2017-11090

A buffer overread vulnerability impacting various Android platforms.

What is CVE-2017-11090?

This vulnerability occurs in the __wlan_hdd_cfg80211_set_pmksa function when a user space application sends a PMKID smaller than WLAN_PMKID_LEN bytes.

The Impact of CVE-2017-11090

The vulnerability could allow an attacker to read beyond the allocated memory, potentially leading to information disclosure or a denial of service.

Technical Details of CVE-2017-11090

The technical aspects of the vulnerability.

Vulnerability Description

A buffer overread vulnerability in WLAN, affecting Android platforms using the Linux kernel.

Affected Systems and Versions

        Products: Android for MSM, Firefox OS for MSM, QRD Android
        Vendor: Qualcomm, Inc.
        Versions: All Android releases from CAF using the Linux kernel

Exploitation Mechanism

The issue arises when a user space application transmits a PMKID smaller than WLAN_PMKID_LEN bytes, triggering the buffer overread.
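The length check this class of flaw calls for, shown as an added example that is not Qualcomm's driver code or its patch. It is a simplified user-space model: struct pmksa_entry and both set_pmksa_* functions are hypothetical names, and WLAN_PMKID_LEN is 16 as in the Linux kernel's 802.11 headers.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WLAN_PMKID_LEN 16 /* PMKID size used by the Linux 802.11 headers */

/* Hypothetical cache entry for this example, not the driver's structure. */
struct pmksa_entry {
    uint8_t bssid[6];
    uint8_t pmkid[WLAN_PMKID_LEN];
};

/* Unsafe pattern: ignores pmkid_len and always reads WLAN_PMKID_LEN bytes,
 * so a shorter caller buffer is read past its end (the overread). */
int set_pmksa_unchecked(struct pmksa_entry *e, const uint8_t *bssid,
                        const uint8_t *pmkid, size_t pmkid_len)
{
    (void)pmkid_len;
    memcpy(e->bssid, bssid, sizeof(e->bssid));
    memcpy(e->pmkid, pmkid, WLAN_PMKID_LEN);
    return 0;
}

/* Hardened pattern (this example's choice): validate length, then copy. */
int set_pmksa_checked(struct pmksa_entry *e, const uint8_t *bssid,
                      const uint8_t *pmkid, size_t pmkid_len)
{
    if (e == NULL || bssid == NULL || pmkid == NULL)
        return -EINVAL;
    if (pmkid_len != WLAN_PMKID_LEN)
        return -EINVAL; /* wrong-sized PMKID: entry is left untouched */
    memcpy(e->bssid, bssid, sizeof(e->bssid));
    memcpy(e->pmkid, pmkid, WLAN_PMKID_LEN);
    return 0;
}

int main(void)
{
    /* Constructed inputs: an 8-byte PMKID and a full 16-byte one. */
    const uint8_t bssid[6] = {0x02, 0, 0, 0, 0, 0x01};
    const uint8_t short_id[8] = {0};
    const uint8_t full_id[WLAN_PMKID_LEN] = {0xAA};
    struct pmksa_entry e = {{0}, {0}};
    int rejected = set_pmksa_checked(&e, bssid, short_id, sizeof(short_id));
    int accepted = set_pmksa_checked(&e, bssid, full_id, sizeof(full_id));
    return (rejected == -EINVAL && accepted == 0) ? 0 : 1;
}
```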

Mitigation and Prevention

Steps to address and prevent the vulnerability.

Immediate Steps to Take

        Apply patches provided by Qualcomm or the respective vendors promptly.
        Monitor vendor security bulletins for updates and advisories.

Long-Term Security Practices

        Regularly update software and firmware to the latest versions.
        Implement network segmentation and access controls to limit the impact of potential attacks.

Patching and Updates

        Keep systems up to date with the latest security patches and fixes.
