Back to search
CVE-2017-9681
Published: Mar 30, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur.
| Vendor | Product | Versions |
|---|---|---|
Qualcomm, Inc. | Android for MSM, Firefox OS for MSM, QRD Android | affected All Android releases from CAF using the Linux kernel |
References
https://source.android.com/security/bulletin/2017-08-01
x_refsource_CONFIRM
100210
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now