CVE-2017-11055
Description
Processing a crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION command in the Android kernel leads to a buffer over-read.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In Android for MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, a buffer over-read occurs while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command. [1]
Exploitation
An attacker can trigger the vulnerability by sending a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION command, which causes a buffer over-read. The attacker likely needs local access to send netlink messages to the kernel. [1]
Impact
The buffer over-read can lead to information disclosure, potentially revealing sensitive kernel memory. The severity is High with CVSS v3 score 7.5, indicating significant impact on confidentiality. [1]
Mitigation
Google's October 2017 security bulletin includes a fix for this issue. Users should apply the Android security update dated 2017-10-01. [1]
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
References
- www.securityfocus.com/bid/101160 (nvd: Third Party Advisory, VDB Entry)
- source.android.com/security/bulletin/pixel/2017-10-01 (nvd: Vendor Advisory)