CVE-2017-13161

Vulnerability

A vulnerability exists in the Broadcom wireless driver (bcmdhd) as used in the Android kernel. A buffer overflow occurs when processing a specially crafted BCM plugin, allowing an attacker to corrupt kernel memory. The affected versions include Android kernel on Pixel and Nexus devices prior to the 2017-12-05 security patch level. [1]

Exploitation

An attacker with local access (e.g., via a malicious app) can trigger the overflow by sending a crafted BCM plugin to the wireless driver. No additional privileges are required, but the attacker must be able to interact with the affected driver through standard Android IPC or system calls. [1]

Impact

Successful exploitation leads to elevation of privilege (EoP) within the kernel. An attacker can execute arbitrary code in the kernel context, gaining full control of the device's operating system, including the ability to install programs, modify system data, or access sensitive information. [1]

Mitigation

Google released a patch as part of the 2017-12-05 security patch level, included in the Pixel/Nexus Security Bulletin for December 2017. Affected devices should update to this patch level or later. No workaround is provided; updating is the only recommended mitigation. [1]