CVE-2017-9705

Name of the Vulnerable Software and Affected Versions Android for MSM versions prior to the fixed version Firefox OS for MSM versions prior to the fixed version QRD Android versions prior to the fixed version All Android releases from CAF using the Linux kernel versions prior to the fixed version

Description The issue arises from concurrent rx notifications and read() operations in the G-Link PKT driver, leading to a double free condition due to missing locking. This results in list del() and list add() overlapping and corrupting the next and previous pointers.

Recommendations For Android for MSM, update to a version that includes the fix for the double free condition in the G-Link PKT driver. For Firefox OS for MSM, update to a version that includes the fix for the double free condition in the G-Link PKT driver. For QRD Android, update to a version that includes the fix for the double free condition in the G-Link PKT driver. For all Android releases from CAF using the Linux kernel, update to a version that includes the fix for the double free condition in the G-Link PKT driver.