CVE-2017-14883

Name: CVE-2017-14883
Creator: NVD / NIST
Published: 2018-03-30T21:29:00.607+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.70%

Last modified Jun 17, 2026

CVE-2017-14883 is a vulnerability of currently unknown severity. In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer.. EPSS estimates a 0.70% chance of exploitation in the next 30 days.

Description

In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer.

Metrics

EPSS Probability

0.70%

48.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Google	Android	All versions

References

https://source.android.com/security/bulletin/pixel/2018-02-01Vendor Advisory
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3de34af4e2ca91e1a2260deb380b81620a631c85Patch, Third Party Advisory
https://source.android.com/security/bulletin/pixel/2018-02-01Vendor Advisory
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3de34af4e2ca91e1a2260deb380b81620a631c85Patch, Third Party Advisory

Timeline

Published: Mar 30, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-14883?

How severe is CVE-2017-14883?

Severity scoring for CVE-2017-14883 is pending analysis. The EPSS model estimates a 0.70% probability of exploitation in the next 30 days.

How do I fix CVE-2017-14883?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-14883?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST