Main Vulnerability Database Vulnerabilities #VU37687

Information disclosure in Google Android - CVE-2017-15850

Published: January 10, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37687

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-15850

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.

How to mitigate CVE-2017-15850

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2018-01-01

Information disclosure in Google Android - CVE-2017-15850

Detailed vulnerability description

How to mitigate CVE-2017-15850

Sources

Please verify you're human