CVE-2017-14890
Description
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly validated leading to a potential buffer overwrite in function wma_send_bcn_buf_ll().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overwrite in Qualcomm WLAN firmware processing SWBA events allows privilege escalation on Android devices.
Vulnerability
The vulnerability resides in the Qualcomm WLAN driver function wma_send_bcn_buf_ll(). When processing an SWBA (Software Beacon Alert) event, the vdev_map value is not properly validated before being used as an index, leading to a potential buffer overwrite. This affects Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05 [1].
Exploitation
An attacker with local system access and the ability to inject crafted SWBA events into the WLAN firmware could trigger this vulnerability. No user interaction is required beyond having the WLAN driver active. By controlling the vdev_map value, the attacker can write beyond the allocated buffer boundaries.
Impact
Successful exploitation allows an attacker to corrupt adjacent memory, potentially leading to a denial-of-service condition or arbitrary code execution in the context of the kernel. This can result in local privilege escalation and full compromise of the affected device [1].
Mitigation
The issue was fixed in the Android security patch level 2018-04-05. Users should ensure their devices receive the April 2018 security update or later. No workaround is provided if the patch cannot be applied [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: before Android security patch level 2018-04-05
- Range: before Android security patch level 2018-04-05
- Range: before Android security patch level 2018-04-05
- Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Androidv5Range: All Android releases from CAF using the Linux kernel
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- source.android.com/security/bulletin/pixel/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.