CVE-2017-9691

MEDIUM

Android for MSM/Firefox OS for MSM/QRD Android - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9691. PoCs published by codecat007.

AI-analyzed exploit summary The repository contains a functional proof-of-concept exploit for CVE-2017-9691, a vulnerability in the Android kernel's Trustonic TEE driver. The PoC demonstrates a race condition by repeatedly reading from a debug file system node, which can lead to a use-after-free condition.

Description

There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.

Exploits (1)

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/kernel/CVE-2017-9691

The repository contains a functional proof-of-concept exploit for CVE-2017-9691, a vulnerability in the Android kernel's Trustonic TEE driver. The PoC demonstrates a race condition by repeatedly reading from a debug file system node, which can lead to a use-after-free condition.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: Android kernel (Trustonic TEE driver)
No auth needed
Prerequisites: Access to the device's debug file system · Android device with vulnerable kernel
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100213

Scores

CVSS v3 4.7
EPSS 0.0002
EPSS Percentile 4.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-362
Status published
Products (1)
google/android
Published Mar 30, 2018
Tracked Since Feb 18, 2026