CVE-2017-11052

Vulnerability

A buffer over-read vulnerability exists in the Android kernel's wireless driver when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command. This affects Android for MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel. The over-read occurs during parsing of the vendor command, allowing out-of-bounds memory access.

Exploitation

An attacker must be able to send a crafted QCA_NL80211_VENDOR_SUBCMD_NDP vendor command to the affected device. This likely requires local access or elevated privileges to interact with the wireless driver. No user interaction is required beyond the attacker sending the malicious command.

Impact

Successful exploitation results in a buffer over-read, which can lead to the disclosure of sensitive kernel memory contents. This information disclosure could expose cryptographic keys, passwords, or other confidential data. The CVSS v3 score is 7.5 (High), indicating significant confidentiality impact.

Mitigation

Google addressed this vulnerability in the October 2017 Android Security Bulletin for Pixel and Nexus devices [1]. Users should apply the OTA update or install the corresponding patch from their device manufacturer. No workaround is available; updating to the patched kernel version is the only mitigation.