CVE-2017-18054
Description
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler(), which is received from firmware, leads to potential buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper input validation in Qualcomm WLAN driver's handling of firmware events leads to buffer overflow, potentially allowing arbitrary code execution in kernel context.
Vulnerability
The vulnerability resides in the Qualcomm WLAN driver's wma_pdev_hw_mode_transition_evt_handler() function, which processes firmware events. The function fails to properly validate the num_vdev_mac_entries field received from firmware, leading to a potential buffer overflow. This affects Android for MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel [1].
Exploitation
An attacker with the ability to control or influence the firmware (e.g., through a compromised baseband or Wi-Fi chip) can send a crafted event containing an excessively large num_vdev_mac_entries value. When the driver processes this event, it may write beyond allocated buffers, causing a buffer overflow.
Impact
Successful exploitation could allow an attacker to execute arbitrary code in the kernel context, leading to complete compromise of the device's confidentiality, integrity, and availability.
Mitigation
Google addressed this issue in the March 2018 Pixel/Nexus Security Bulletin with a security patch level of 2018-03-05 [1]. Users should ensure their devices have received this update. No workarounds are available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- source.android.com/security/bulletin/pixel/2018-03-01mitrex_refsource_CONFIRM
- source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.