Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Android Qualcomm闭源组件缓冲区错误漏洞
Vulnerability Description
Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。Qualcomm SD 400和Qualcomm SD 800都是美国高通(Qualcomm)公司的中央处理器(CPU)产品。 Android 2018-04-05之前的版本中的Qualcomm闭源组件存在缓冲区溢出漏洞,该漏洞源于在‘drmprov_cmd_verify_key()’函数中,程序没有校验feature_name_length变量。攻击者可利用该漏洞执行任意代码或造成
CVSS Information
N/A
Vulnerability Type
N/A