CVE-2017-14877

CRITICAL

Android IPA Driver - Use-After-Free via IOCTL Command Race Condition

Title source: llm
STIX 2.1

Description

While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0060
EPSS Percentile 44.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
google/android
Published Mar 30, 2018
Tracked Since Feb 18, 2026