VYPR
High severity · 7.5 · NVD Advisory · Published Oct 10, 2017 · Updated May 13, 2026

CVE-2017-11054

Description

A buffer over-read in cfg80211 vendor command processing in Android kernels could lead to information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A buffer over-read vulnerability exists in the processing of a specially crafted cfg80211 vendor command in the Linux kernel used in Android for MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel. The bug occurs due to insufficient bounds checking when handling vendor-specific commands in the wireless subsystem. Affected versions include all releases prior to the October 2017 security patch level.

Exploitation

An attacker with local access or the ability to send cfg80211 vendor commands (e.g., via a malicious application or from a compromised wireless interface) can trigger the over-read by supplying a crafted command. The vulnerability does not require user interaction beyond installing a malicious app or connecting to a rogue network.

Impact

Successful exploitation results in a buffer over-read, potentially leaking sensitive kernel memory contents that could include encryption keys, passwords, or other confidential data. The disclosure could facilitate further attacks on the device.

Mitigation

Google addressed this vulnerability in the October 2017 Pixel/Nexus Security Bulletin [1]. Users should apply the security patch level dated 2017-10-05 or later. No workaround is available; updating the device is the recommended mitigation.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

References

2
