VYPR
← All advisories
High severity7.8NVD Advisory· Published Aug 11, 2017· Updated May 13, 2026

CVE-2017-8273

CVE-2017-8273

Description

In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in Qualcomm fastboot processing when verified boot disabled allows potential code execution.

Vulnerability

The vulnerability exists in Qualcomm products with Android releases from CAF using the Linux kernel. During processing of the fastboot boot command, when the verified boot feature is disabled, a buffer overflow can occur if the length of the boot command exceeds the boot image buffer. Affected versions include all Qualcomm products with the indicated configuration prior to patches in the July 2017 Android Security Bulletin [1].

Exploitation

An attacker with physical or local access to the device can exploit this vulnerability by sending a crafted fastboot boot command with a length greater than the boot image buffer while verified boot is disabled. No additional authentication is required beyond the ability to access the fastboot mode.

Impact

Successful exploitation could lead to a buffer overflow, potentially allowing arbitrary code execution or system crash, with elevated privileges in the bootloader context.

Mitigation

Patches were included in the July 2017 Android Security Bulletin [1]. Users should apply the update from their device manufacturer. There is no known workaround; verified boot should be enabled to reduce risk.

References
  1. Android Security Bulletin—July 2017

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Google/Android
    cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
  • Qualcomm/Snapdragonllm-create
  • Qualcomm, Inc./All Qualcomm productsv5
    Range: All Android releases from CAF using the Linux kernel

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.