CVE-2016-3874

CVE-2016-3874

EPSS 0.8%

CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://source.android.com/security/bulletin/2016-09-01.html https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=50e8f265b3f7926aeb4e49c33f7301ace89faa77 https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a3974e61c960aadcc147c3c5704a67309171642d http://www.securityfocus.com/bid/92882 http://www.securitytracker.com/id/1036763