PT-2017-2805 · Qualcomm+2 · Qualcomm Products+2

Published

2017-04-25

Updated

2017-08-22

CVE-2017-8267

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions (affected versions not specified) Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified)

Description The issue is caused by a race condition in an IOCTL handler due to synchronization errors when using a shared resource. This can lead to an integer overflow and an out-of-bounds write. A remote attacker may exploit this issue.

Recommendations For Android, update to a version that includes a fix for this issue, if available. For Qualcomm products with Android releases from CAF using the Linux kernel, apply the necessary patches or updates to resolve the issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-362

Related Identifiers

BDU:2017-02075

CVE-2017-8267

Affected Products

Android

Linux Kernel

Qualcomm Products

PT-2017-2805 · Qualcomm+2 · Qualcomm Products+2

CVE-2017-8267

Weakness Enumeration

Related Identifiers

Affected Products

References · 4