CVE-2017-13184

Name of the Vulnerable Software and Affected Versions: Android versions 8.0, 8.1

Description: The issue is related to a possible use after free of mVSyncInjector in the enableVSyncInjections function of SurfaceFlinger. This could lead to a local elevation of privilege, enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations: For Android versions 8.0 and 8.1, consider restricting access to the enableVSyncInjections function of SurfaceFlinger until a patch is available. As a temporary workaround, consider disabling the enableVSyncInjections function to minimize the risk of exploitation.