{"containers": {"cna": {"affected": [{"product": "Android for MSM, Firefox OS for MSM, QRD Android", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "All Android releases from CAF using the Linux kernel"}]}], "datePublic": "2017-11-01T00:00:00", "descriptions": [{"lang": "en", "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes"}], "problemTypes": [{"descriptions": [{"description": "Buffer Over-read in WLAN", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-05T09:57:01", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm"}, "references": [{"name": "USN-3620-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3620-2/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"}, {"name": "USN-3620-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3620-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@qualcomm.com", "DATE_PUBLIC": "2017-11-01T00:00:00", "ID": "CVE-2017-11089", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android for MSM, Firefox OS for MSM, QRD Android", "version": {"version_data": [{"version_value": "All Android releases from CAF using the Linux kernel"}]}}]}, "vendor_name": "Qualcomm, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Over-read in WLAN"}]}]}, "references": {"reference_data": [{"name": "USN-3620-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3620-2/"}, {"name": "https://source.android.com/security/bulletin/pixel/2017-11-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"}, {"name": "USN-3620-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3620-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:57:57.587Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3620-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3620-2/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"}, {"name": "USN-3620-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3620-1/"}]}]}, "cveMetadata": {"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2017-11089", "datePublished": "2017-11-16T22:00:00Z", "dateReserved": "2017-07-07T00:00:00", "dateUpdated": "2024-09-16T21:03:37.824Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes"}, {"lang": "es", "value": "En Android for MSM, Firefox OS for MSM, QRD Android, con todas las distribuciones de Android de CAF que utilizan el kernel de Linux, se observa una sobrelectura de b\u00fafer en nl80211_set_station cuando la aplicaci\u00f3n del espacio de usuario env\u00eda el atributo NL80211_ATTR_LOCAL_MESH_POWER_MODE con datos de un tama\u00f1o inferior a 4 bytes."}], "id": "CVE-2017-11089", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-16T22:29:01.190", "references": [{"source": "product-security@qualcomm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"}, {"source": "product-security@qualcomm.com", "url": "https://usn.ubuntu.com/3620-1/"}, {"source": "product-security@qualcomm.com", "url": "https://usn.ubuntu.com/3620-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3620-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3620-2/"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Out-of-bounds read in nl80211_set_station allows privileged local attacker to cause system crash or possibly code execution", "id": "1564038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564038"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes", "A flaw was found in the netlink 802.11 configuration interface. A local privileged attacker (CAP_NET_ADMIN) could crash the system or possibly execute arbitrary code."], "name": "CVE-2017-11089", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2017-07-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-11089\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11089"], "threat_severity": "Moderate"}

{}