CVE-2017-14915

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835

Description The issue is related to the use of memory after it has been freed in the Qualcomm SPCOM component of the Android operating system. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited by accessing SPCOM functions with a compromised client structure, resulting in a Use After Free condition.

Recommendations For Android versions prior to 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, consider restricting access to SPCOM functions until a patch is available. As a temporary workaround, avoid using compromised client structures to access SPCOM functions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.