Main Vulnerability Database Vulnerabilities #VU37297

Race condition in Google Android - CVE-2017-14880

Published: April 3, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37297

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-14880

CWE-ID: CWE-362

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule" does not have a mutex lock and thus can be accessed and modified by multiple threads.

How to mitigate CVE-2017-14880

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-04-01

Race condition in Google Android - CVE-2017-14880

Detailed vulnerability description

How to mitigate CVE-2017-14880

Sources

Please verify you're human