CVE-2017-15834

Name of the Vulnerable Software and Affected Versions: Android for MSM (affected versions not specified) Firefox OS for MSM (affected versions not specified) QRD Android (affected versions not specified)

Description: A race condition exists in the diag dbgfs read dcistats() function when accessing diag dbgfs dci data index, potentially leading to a heap overflow. This issue affects Android releases from CAF using the Linux kernel.

Recommendations: For Android for MSM, consider restricting access to the diag dbgfs read dcistats() function until a patch is available. For Firefox OS for MSM, avoid using the diag dbgfs dci data index variable in the affected function until the issue is resolved. For QRD Android, as a temporary workaround, consider disabling the diag dbgfs read dcistats() function until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.