Vulnerability Details : CVE-2017-9676
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.
Vulnerability category: Memory CorruptionInformation leak
Exploit prediction scoring system (EPSS) score for CVE-2017-9676
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-9676
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.6
|
LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
4.9
|
2.9
|
NIST |
4.7
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |
1.0
|
3.6
|
NIST |
CWE ids for CVE-2017-9676
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9676
-
https://source.android.com/security/bulletin/2017-09-01
Android Security Bulletin—September 2017 | Android Open Source ProjectPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/100658
Google Android Qualcomm Components Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Products affected by CVE-2017-9676
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*