CVE-2017-18055
Description
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, leads to potential buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper input validation in Qualcomm WiFi driver allows buffer overflow via crafted firmware event.
Vulnerability
In Android for MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, improper input validation of wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler() leads to a potential buffer overflow. This handler processes events received from firmware.
Exploitation
An attacker with the ability to send a crafted firmware event to the device can trigger a buffer overflow. No authentication or user interaction is required if the attacker can control the firmware response.
Impact
Successful exploitation may result in a buffer overflow, which could allow an attacker to execute arbitrary code or cause a denial of service in the context of the kernel.
Mitigation
This issue is fixed in the Android security patch level 2018-03-05, as provided in the Pixel/Nexus Security Bulletin of March 2018 [1]. Users should update to this patch level or later.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- source.android.com/security/bulletin/pixel/2018-03-01mitrex_refsource_CONFIRM
- source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.