CVE-2017-11091

Name of the Vulnerable Software and Affected Versions Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description A Use-After-Free condition can potentially occur in the mdss rotator ioctl function due to a fence being installed too early. This issue is related to the /dev/mdss rotator driver and affects Android releases using the Linux kernel.

Recommendations For Android for MSM, consider restricting access to the /dev/mdss rotator driver until a fix is available. For Firefox OS for MSM, avoid using the mdss rotator ioctl function until the issue is resolved. For QRD Android, as a temporary workaround, consider disabling the mdss rotator ioctl function in the /dev/mdss rotator driver to minimize the risk of exploitation.