CVE-2017-9691

EPSS 0.02%
Veröffentlicht 30.03.2018 21:29:01
Zuletzt bearbeitet 21.11.2024 03:36:39
Quelle product-security@qualcomm.com
CVE-Watchlists
Login
Unerledigt
Login

There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.securityfocus.com/bid/100213

Third Party Advisory

VDB Entry

https://www.codeaurora.org/security-bulletin/2017/11/28/november-2017-security-bulletin

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-9691

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9691

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9691

EUVD