CVE-2017-9708

Name of the Vulnerable Software and Affected Versions Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description The issue is related to a race condition in the camera driver. Specifically, the function msm ois power down is called without a mutex, which can lead to a race condition in the variable *reg ptr of the sub function msm camera config single vreg. This occurs in all Android releases from CAF using the Linux kernel.

Recommendations For Android for MSM, consider disabling the msm ois power down function until a patch is available. For Firefox OS for MSM, restrict access to the camera driver to minimize the risk of exploitation. For QRD Android, avoid using the msm camera config single vreg sub function in the camera driver until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.