CVE-2017-18145

Name of the Vulnerable Software and Affected Versions: Android versions prior to security patch level 2018-04-05

Description: The issue is related to the Qualcomm Data Network Stack & Connectivity component in Android. It involves a Use After Free condition that occurs when the DPM native process is processing framework events. Specifically, the iterator pointer is deleted after processing an event, and when subsequent events are processed, this leads to a Use After Free condition. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: For Android versions prior to security patch level 2018-04-05, update to a version that includes the 2018-04-05 security patch or later to resolve the issue.