Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2017-8246

UNKNOWN
Published 2017-05-12T20:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-8246. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Qualcomm, Inc.

Android for MSM, Firefox OS for MSM, QRD Android

Affected Versions:

All Android releases from CAF using the Linux kernel

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-qx82-prw3-cr2g

Advisory Details

In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-8246
WEB https://source.android.com/security/bulletin/2017-07-01
WEB https://www.codeaurora.org/use-after-free-alsa-pcm-playback-kernel-module-cve-2017-8246

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

https://source.android.com/security/bulletin/2017-07-01
https://www.codeaurora.org/use-after-free-alsa-pcm-playback-kernel-module-cve-2017-8246
Published: 2017-05-12T20:00:00
Last Modified: 2024-08-05T16:27:23.233Z
Copied to clipboard!