CVE-2017-14881 - While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for

CVE-2017-14881

Summary

While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.

References

https://source.android.com/security/bulletin/pixel/2018-02-01
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=81ea9c34f575422a78015535c619500c34b8a69c

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 25-04-2018 - 15:02)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://source.android.com/security/bulletin/pixel/2018-02-01
misc	https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=81ea9c34f575422a78015535c619500c34b8a69c

Last major update

25-04-2018 - 15:02

Published

30-03-2018 - 21:29

Last modified

25-04-2018 - 15:02