Information disclosure in Google Android - CVE-2017-15852
Published: March 30, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU37336
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-15852
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver.
How to mitigate CVE-2017-15852
Install update from vendor's website.