PT-2018-5735 · Mozilla+1 · Firefox Os+2

Publicado

2018-04-03

·

Atualizado

2019-10-03

·

CVE-2017-14880

CVSS v2.0

4.6

Média

VetorAV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Qualcomm Android for MSM versions prior to security patch level 2018-04-05 Firefox OS for MSM versions prior to security patch level 2018-04-05 QRD Android versions prior to security patch level 2018-04-05
Description: The issue arises when the IPA WAN-driver processes multiple requests from the modem or user-space module. Specifically, the global variable num q6 rule lacks a mutex lock, allowing it to be accessed and modified by multiple threads simultaneously.
Recommendations: For Qualcomm Android for MSM versions prior to security patch level 2018-04-05, update to a version with a security patch level of 2018-04-05 or later. For Firefox OS for MSM versions prior to security patch level 2018-04-05, update to a version with a security patch level of 2018-04-05 or later. For QRD Android versions prior to security patch level 2018-04-05, update to a version with a security patch level of 2018-04-05 or later.

Correção

Race Condition

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362

Identificadores relacionados

CVE-2017-14880

Produtos afetados

Firefox Os
Qrd Android
Qualcomm Android