In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted name_len and value_len values are not checked and could potentially cause a buffer overflow in subsequent calls to memcpy().
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qualcomm msm8909w_firmware - |
||
qualcomm sd_210_firmware - |
||
qualcomm sd_212_firmware - |
||
qualcomm sd_205_firmware - |
||
qualcomm sd_430_firmware - |
||
qualcomm sd_450_firmware - |
||
qualcomm sd_625_firmware - |
||
qualcomm sd_650_firmware - |
||
qualcomm sd_652_firmware - |
||
qualcomm sd_820_firmware - |
||
qualcomm sd_835_firmware - |
||
qualcomm sd_845_firmware - |