In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8974, lack of length checking in OEMCrypto_DeriveKeysFromSessionKey() could lead to a buffer overflow vulnerability.
[
{
"product": "Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "MSM8974"
}
]
}
]