cve-2017-9691
Vulnerability from cvelistv5
Published
2018-03-30 21:00
Modified
2024-09-17 00:06
Severity
Summary
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.
References
SourceURLTags
product-security@qualcomm.comhttp://www.securityfocus.com/bid/100213Third Party Advisory, VDB Entry
product-security@qualcomm.comhttps://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletinPatch, Third Party Advisory
Impacted products
VendorProduct
Qualcomm, Inc.Android for MSM, Firefox OS for MSM, QRD Android
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:00.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100213",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100213"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android for MSM, Firefox OS for MSM, QRD Android",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "All Android releases from CAF using the Linux kernel"
            }
          ]
        }
      ],
      "datePublic": "2018-03-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free\u0027d memory in the debug message output functionality contained within the mobicore driver."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Time-of-check Time-of-use (TOCTOU) Race Condition in Core",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-31T09:57:01",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "name": "100213",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100213"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "DATE_PUBLIC": "2018-03-26T00:00:00",
          "ID": "CVE-2017-9691",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All Android releases from CAF using the Linux kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free\u0027d memory in the debug message output functionality contained within the mobicore driver."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Time-of-check Time-of-use (TOCTOU) Race Condition in Core"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100213",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100213"
            },
            {
              "name": "https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin",
              "refsource": "MISC",
              "url": "https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2017-9691",
    "datePublished": "2018-03-30T21:00:00Z",
    "dateReserved": "2017-06-15T00:00:00",
    "dateUpdated": "2024-09-17T00:06:53.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9691\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2018-03-30T21:29:01.370\",\"lastModified\":\"2018-04-23T14:01:15.957\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free\u0027d memory in the debug message output functionality contained within the mobicore driver.\"},{\"lang\":\"es\",\"value\":\"Existe una condici\u00f3n de carrera en Android for MSM, Firefox OS for MSM y QRD Android que permite que se acceda a memoria ya liberada en la funcionalidad de env\u00edo de mensajes de depuraci\u00f3n que est\u00e1 contenida en el controlador mobicore.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":1.9},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100213\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.