CVE-2017-6899

Name of the Vulnerable Software and Affected Versions android kernel huawei msm8916 versions through 2017-06-16

Description The issue allows attackers to cause a denial of service, resulting in a NULL pointer dereference and device crash, via a crafted write request to the /sys/kernel/debug/msm-bus-dbg/client-data/update-request endpoint. This is due to a problem in the msm bus dbg update request write function.

Recommendations For android kernel huawei msm8916 versions through 2017-06-16, consider restricting access to the /sys/kernel/debug/msm-bus-dbg/client-data/update-request endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the msm bus dbg update request write function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.