gsd-2017-9691
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-9691",
"description": "There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free\u0027d memory in the debug message output functionality contained within the mobicore driver.",
"id": "GSD-2017-9691"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-9691"
],
"details": "There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free\u0027d memory in the debug message output functionality contained within the mobicore driver.",
"id": "GSD-2017-9691",
"modified": "2023-12-13T01:21:07.465580Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-03-26T00:00:00",
"ID": "CVE-2017-9691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free\u0027d memory in the debug message output functionality contained within the mobicore driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100213"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin",
"refsource": "MISC",
"url": "https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security.cna@qualcomm.com",
"ID": "CVE-2017-9691"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free\u0027d memory in the debug message output functionality contained within the mobicore driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin"
},
{
"name": "100213",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100213"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-04-23T14:01Z",
"publishedDate": "2018-03-30T21:29Z"
}
}
}
Loading...