CVE-2017-11006

Name of the Vulnerable Software and Affected Versions Android for MSM versions prior to the fixed version QRD Android versions prior to the fixed version Android releases from CAF using the Linux kernel versions prior to the fixed version

Description The issue is related to a Use After Free condition in the Qualcomm GNSS component of the Android operating system, which is associated with the use of memory after it has been freed. This can allow a remote attacker to execute arbitrary code. The condition can occur during positioning.

Recommendations For Android for MSM, update to a version that includes the fix for this issue. For QRD Android, update to a version that includes the fix for this issue. For Android releases from CAF using the Linux kernel, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the positioning functionality until a patch is available.