CVE-2017-9687

Name of the Vulnerable Software and Affected Versions Android for MSM versions (affected versions not specified) Firefox OS for MSM versions (affected versions not specified) QRD Android versions (affected versions not specified)

Description The issue arises from a race condition where two concurrent threads or processes can write the value of "0" to the debugfs file controlling ipa ipc log. This can lead to a double-free in the ipc log context destroy() function. Additionally, a Use-After-Free condition can occur due to the race condition when the ipc log is deallocated via the debugfs call during a log print.

Recommendations For Android for MSM, consider restricting access to the debugfs file to minimize the risk of exploitation. For Firefox OS for MSM, avoid using the debugfs call during log print until the issue is resolved. For QRD Android, as a temporary workaround, consider disabling the ipc log context destroy() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.