CVE-2017-18066 - In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li

CVE-2017-18066

Summary

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl().

References

https://source.android.com/security/bulletin/pixel/2018-03-01
https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ff11f44c0c10c94170f03a8698f73f7e08b74625

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 04-04-2018 - 13:33)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	https://source.android.com/security/bulletin/pixel/2018-03-01
misc	https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ff11f44c0c10c94170f03a8698f73f7e08b74625

Last major update

04-04-2018 - 13:33

Published

16-03-2018 - 22:29

Last modified

04-04-2018 - 13:33