Main Vulnerability Database Vulnerabilities #VU37837

Improper Resource Shutdown or Release in Google Android - CVE-2017-11016

Published: December 5, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37837

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-11016

CWE-ID: CWE-404

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared.

How to mitigate CVE-2017-11016

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/pixel/2017-12-01

Improper Resource Shutdown or Release in Google Android - CVE-2017-11016

Detailed vulnerability description

How to mitigate CVE-2017-11016

Sources

Please verify you're human