CVE-2017-15830

Vulnerability

In Android for MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, the sme_set_plm_request() function in the Wi-Fi driver improperly initializes the ch_list array index. This can cause a buffer overflow when processing a PLM request. The vulnerability exists in kernel code used by affected platforms and is referenced in the March 2018 Pixel/Nexus Security Bulletin [1].

Exploitation

An attacker must be in a position to send a crafted PLM request to the affected device, likely requiring local access or a compromised Wi-Fi subsystem. The improper array index leads to out-of-bounds memory access when the function processes the request [1].

Impact

Successful exploitation could result in a buffer overflow, potentially allowing an attacker to corrupt memory. The bulletin categorizes this as a type of vulnerability that could lead to escalation of privilege or denial of service, depending on how the overflow is leveraged [1].

Mitigation

The fix is included in the March 2018 security patch level (2018-03-05) for Google Pixel and Nexus devices. Users should apply the update to their devices. No workaround is mentioned in the available reference [1].