CVE-2017-11089
Description
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overread in nl80211_set_station due to insufficient validation of NL80211_ATTR_LOCAL_MESH_POWER_MODE length.
Vulnerability
A buffer overread vulnerability exists in the nl80211_set_station function in affected Android Linux kernel versions from CAF. This occurs when a user-space application sends the attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data smaller than 4 bytes, leading to an out-of-bounds read. Affected platforms include Android for MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel [1].
Exploitation
An attacker with the ability to send crafted netlink messages from user space can trigger the overread. This requires local access or a user-space application that can issue the appropriate NL80211_CMD_SET_STATION command with a malformed NL80211_ATTR_LOCAL_MESH_POWER_MODE attribute. No authentication or special privileges are needed beyond the ability to interact with the kernel netlink socket [1].
Impact
Successful exploitation results in a kernel buffer overread, which could leak sensitive kernel memory information to the attacker. The vulnerability is rated as High severity (CVSS v3: 7.5) due to the potential for information disclosure, though it does not directly lead to code execution or privilege escalation [1].
Mitigation
A fix was included in the November 2017 Pixel/Nexus Security Bulletin and corresponding Android security patches. Users should apply the latest security updates from their device manufacturer. No workarounds are documented. The vulnerability is not listed on the CISA KEV catalog [1].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
23- osv-coords21 versionspkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kernel-xen&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_27&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_27&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_27&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/kgraft-patch-SLE12_Update_34&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
< 3.12.74-60.64.88.1+ 20 more
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.61-52.128.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.61-52.128.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.61-52.128.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.61-52.128.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 3.12.74-60.64.88.1
- (no CPE)range: < 1-2.3.1
- (no CPE)range: < 1-2.3.1
- (no CPE)range: < 1-2.3.1
- (no CPE)range: < 1-1.3.1
- Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Androidv5Range: All Android releases from CAF using the Linux kernel
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- source.android.com/security/bulletin/pixel/2017-11-01nvdPatchVendor Advisory
- usn.ubuntu.com/3620-1/nvd
- usn.ubuntu.com/3620-2/nvd
News mentions
0No linked articles in our index yet.