Main Vulnerability Database Vulnerabilities #VU37926

Use-after-free in Google Android - CVE-2017-11092

Published: November 16, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37926

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-11092

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.

How to mitigate CVE-2017-11092

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/101774
https://source.android.com/security/bulletin/2017-11-01

Use-after-free in Google Android - CVE-2017-11092

Detailed vulnerability description

How to mitigate CVE-2017-11092

Sources

Please verify you're human