Main Vulnerability Database Vulnerabilities #VU37023

Reachable Assertion in Google Android - CVE-2017-18169

Published: June 15, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37023

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-18169

CWE-ID: CWE-617

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

How to mitigate CVE-2017-18169

Install update from vendor's website.

Sources

https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin

Reachable Assertion in Google Android - CVE-2017-18169

Detailed vulnerability description

How to mitigate CVE-2017-18169

Sources

Please verify you're human