CVE-2017-11121: Buffer Overflow

Q: What is CVE-2017-11121?

CVE-2017-11121 is a vulnerability affecting Wi-Fi chips, specifically the Broadcom BCM4355C0 Wi-Fi chip.

Q: What is the severity of CVE-2017-11121?

CVE-2017-11121 has a severity level of critical with a value of 9.

Q: How does CVE-2017-11121 affect Google Android devices?

CVE-2017-11121 affects Google Android devices running on Broadcom BCM4355C0 Wi-Fi chips with the firmware version 9.44.78.27.0.1.56 and earlier.

Q: How does CVE-2017-11121 affect Apple iOS devices?

CVE-2017-11121 affects Apple iOS devices running on iOS version up to and excluding 11.0.

Q: How can I fix CVE-2017-11121?

To fix CVE-2017-11121, apply the necessary firmware or software updates provided by the respective vendors - Google and Apple.

Published Sep 5, 2017

Updated

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.

Other sources

Wi-Fi. A memory corruption issue was addressed with improved memory handling.

Credit

Gal Beniamini(Google Project Zero)

Affected Software

7 affected componentsFixes available

Apple tvOS<11

Google Android

Apple iOS<11

Broadcom Bcm4355c0 Firmware=9.44.78.27.0.1.56

Broadcom BCM4355C0

Apple iPhone OS<11.0

Apple tvOS<11.0

Event History

Sep 5, 2017

CVE Published

via Android·12:00 AM

Data Sourced

via Android·12:00 AM

SeverityWeaknessAffected Software

Sep 27, 2017

CVE Published

via MITRE·05:00 PM

Data Sourced

via MITRE·05:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2017-13832
CVE-2017-13829
CVE-2017-13833
CVE-2017-7083
CVE-2017-0381
CVE-2017-13825
CVE-2017-13815
CVE-2017-13828
CVE-2017-13830
CVE-2017-13814
CVE-2017-13831
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13782
CVE-2017-13843
CVE-2017-7114
CVE-2017-13854
CVE-2017-13834
CVE-2017-13873
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2017-7086
CVE-2017-1000373
CVE-2016-9063
CVE-2017-9233
CVE-2017-9049
CVE-2017-5130
CVE-2017-7376
CVE-2017-9050
CVE-2017-13822
CVE-2017-7080
CVE-2017-10989
CVE-2017-7128
CVE-2017-7129
CVE-2017-7130
CVE-2017-7127
CVE-2017-7081
CVE-2017-7087
CVE-2017-7091
CVE-2017-7092
CVE-2017-7093
CVE-2017-7094
CVE-2017-7095
CVE-2017-7096
CVE-2017-7098
CVE-2017-7099
CVE-2017-7100
CVE-2017-7102
CVE-2017-7104
CVE-2017-7107
CVE-2017-7111
CVE-2017-7117
CVE-2017-7120
CVE-2017-7090
CVE-2017-7109
CVE-2017-11120
CVE-2017-11121
CVE-2017-7103
CVE-2017-7105
CVE-2017-7108
CVE-2017-7110
CVE-2017-7112
CVE-2017-7115
CVE-2017-7116
CVE-2017-11122
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
CVE-2017-13863
CVE-2017-7131
CVE-2017-13821
CVE-2017-7088
CVE-2017-11103
CVE-2017-7072
CVE-2017-7140
CVE-2018-4302
CVE-2017-7148
CVE-2017-7078
CVE-2017-7097
CVE-2017-7118
CVE-2017-7133
CVE-2017-7075
CVE-2017-7139
CVE-2017-13806
CVE-2017-7132
CVE-2017-7085
CVE-2017-13877
CVE-2017-7146
CVE-2017-6211
CVE-2017-7145
CVE-2017-7089
CVE-2017-7106
CVE-2017-7144
CVE-2017-7142

Frequently Asked Questions

What is CVE-2017-11121?

CVE-2017-11121 is a vulnerability affecting Wi-Fi chips, specifically the Broadcom BCM4355C0 Wi-Fi chip.

What is the severity of CVE-2017-11121?