VYPR
Unrated severity · NVD Advisory · Published Mar 16, 2018 · Updated Sep 16, 2024

CVE-2017-18053

Description

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper input validation in Qualcomm WLAN driver’s P2P loopback event handler can lead to out-of-bounds memory read.

Vulnerability

In Android for MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, an improper input validation issue exists in the wma_p2p_lo_event_handler() function. The handler fails to validate the fix_param->vdev_id value received from firmware, which can lead to a potential out-of-bounds memory read. This vulnerability affects Android devices with the affected Qualcomm WLAN driver, as described in the March 2018 Pixel/Nexus Security Bulletin [1].
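A simplified model of the flaw class described above, added here as an illustration and not taken from the Qualcomm driver: an index supplied by firmware is used for a table lookup, first without and then with a range check. Only `fix_param` and `vdev_id` come from the advisory; the struct layouts, `MAX_VDEVS`, `vdev_cookie`, `max_vdevs` and both function names are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_VDEVS 4 /* assumed capacity of the per-vdev table */

/* Hypothetical stand-in for the fixed part of the firmware event. */
struct p2p_lo_fixed_param {
    uint32_t vdev_id; /* chosen by firmware, untrusted */
    uint32_t reason;
};

struct wma_ctx {
    uint32_t vdev_cookie[MAX_VDEVS]; /* per-vdev state the handler reads */
    uint32_t max_vdevs;              /* entries in use, <= MAX_VDEVS */
};

/* Flawed pattern: vdev_id indexes the table with no range check, so a
 * large value reads memory beyond vdev_cookie[]. */
int lo_event_unchecked(const struct wma_ctx *wma,
                       const struct p2p_lo_fixed_param *fix_param,
                       uint32_t *cookie)
{
    *cookie = wma->vdev_cookie[fix_param->vdev_id];
    return 0;
}

/* Hardened pattern: validate event length and index before the lookup. */
int lo_event_checked(const struct wma_ctx *wma, const void *buf, size_t len,
                     uint32_t *cookie)
{
    struct p2p_lo_fixed_param fix_param;

    if (!wma || !buf || !cookie || len < sizeof(fix_param))
        return -EINVAL; /* missing or truncated event */
    memcpy(&fix_param, buf, sizeof(fix_param)); /* avoids unaligned access */
    if (wma->max_vdevs > MAX_VDEVS || fix_param.vdev_id >= wma->max_vdevs)
        return -EINVAL; /* index would fall outside vdev_cookie[] */
    *cookie = wma->vdev_cookie[fix_param.vdev_id];
    return 0;
}
```

The checked variant rejects the event before any table access, so the caller's output value is left untouched when the index is out of range.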

Exploitation

An attacker would need control over the firmware to pass a crafted vdev_id parameter to the vulnerable code path. The issue occurs during processing of a P2P loopback event, requiring the attacker to either compromise the firmware or have a way to inject malicious firmware responses into the WLAN interface.

Impact

Successful exploitation could result in an out-of-bounds memory read, potentially disclosing sensitive kernel memory. The impact is limited to reading memory beyond the intended bounds, as the description does not indicate any write capability [1].

Mitigation

Google addressed this vulnerability in the March 2018 Pixel/Nexus Security Bulletin with a security patch level of 2018-03-05. Users should ensure their devices receive this update. The fix is available as part of the Google device firmware images published on the Google Developer site [1]. No alternative workarounds are disclosed in the available reference.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

2
