QwikSec

Security Database

CVE

CWE

Training

CVE-2017-8244

Published: May 12, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write).

Vendor	Product	Versions
Qualcomm, Inc.	Android for MSM, Firefox OS for MSM, QRD Android	affected `All Android releases from CAF using the Linux kernel`

References

https://www.codeaurora.org/buffer-overflow-msmvidc-debugfs-driver-coreinforead-and-instinforead-cve-2017-8244

x_refsource_CONFIRM

https://source.android.com/security/bulletin/pixel/2017-12-01

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.