CVE-2017-15826

HIGH

Google Android - Race Condition

Title source: rule

Description

Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures.

References (2)

[Vendor Advisory] https://source.android.com/security/bulletin/pixel/2018-02-01

[Patch, Third Party Advisory] https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=5ac3e9d038a7ee7edf77dde2dffae6f8ba528848

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415 CWE-362

Status published

Affected Products (1)

google/android

Timeline

Published Mar 30, 2018

Tracked Since Feb 18, 2026