Main Vulnerability Database Vulnerabilities #VU37341

Race condition in Google Android - CVE-2017-9691

Published: March 30, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37341

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-9691

CWE-ID: CWE-362

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.

How to mitigate CVE-2017-9691

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/100213
https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin

Race condition in Google Android - CVE-2017-9691

Detailed vulnerability description

How to mitigate CVE-2017-9691

Sources

Please verify you're human