Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-283
Vulnerability from certfr_avis - Published: 2017-09-06 - Updated: 2017-09-06
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 5 septembre 2017
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 5 septembre 2017\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0795"
},
{
"name": "CVE-2017-9150",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9150"
},
{
"name": "CVE-2017-0771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0771"
},
{
"name": "CVE-2017-11041",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11041"
},
{
"name": "CVE-2017-10998",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10998"
},
{
"name": "CVE-2017-6983",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6983"
},
{
"name": "CVE-2017-0756",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0756"
},
{
"name": "CVE-2017-0773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0773"
},
{
"name": "CVE-2017-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0796"
},
{
"name": "CVE-2017-10996",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10996"
},
{
"name": "CVE-2017-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0798"
},
{
"name": "CVE-2017-9676",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9676"
},
{
"name": "CVE-2017-0768",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0768"
},
{
"name": "CVE-2017-8250",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8250"
},
{
"name": "CVE-2017-0774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0774"
},
{
"name": "CVE-2017-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0800"
},
{
"name": "CVE-2017-6346",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6346"
},
{
"name": "CVE-2017-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0760"
},
{
"name": "CVE-2017-7065",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7065"
},
{
"name": "CVE-2017-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0752"
},
{
"name": "CVE-2017-0758",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0758"
},
{
"name": "CVE-2017-8247",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8247"
},
{
"name": "CVE-2017-0780",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0780"
},
{
"name": "CVE-2017-0789",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0789"
},
{
"name": "CVE-2017-0759",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0759"
},
{
"name": "CVE-2017-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0777"
},
{
"name": "CVE-2017-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0755"
},
{
"name": "CVE-2017-11001",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11001"
},
{
"name": "CVE-2017-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0804"
},
{
"name": "CVE-2017-10999",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10999"
},
{
"name": "CVE-2017-10997",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10997"
},
{
"name": "CVE-2017-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0801"
},
{
"name": "CVE-2017-0784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0784"
},
{
"name": "CVE-2017-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9076"
},
{
"name": "CVE-2017-0766",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0766"
},
{
"name": "CVE-2017-7495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7495"
},
{
"name": "CVE-2017-8280",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8280"
},
{
"name": "CVE-2017-12146",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12146"
},
{
"name": "CVE-2017-0776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0776"
},
{
"name": "CVE-2017-8251",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8251"
},
{
"name": "CVE-2017-6214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
},
{
"name": "CVE-2017-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0803"
},
{
"name": "CVE-2017-7616",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7616"
},
{
"name": "CVE-2017-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0802"
},
{
"name": "CVE-2017-0761",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0761"
},
{
"name": "CVE-2017-0779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0779"
},
{
"name": "CVE-2017-0788",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0788"
},
{
"name": "CVE-2017-0793",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0793"
},
{
"name": "CVE-2017-7487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7487"
},
{
"name": "CVE-2017-0792",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0792"
},
{
"name": "CVE-2017-0764",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0764"
},
{
"name": "CVE-2017-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0772"
},
{
"name": "CVE-2017-11000",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11000"
},
{
"name": "CVE-2017-0753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0753"
},
{
"name": "CVE-2017-0786",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0786"
},
{
"name": "CVE-2017-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0787"
},
{
"name": "CVE-2017-9720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9720"
},
{
"name": "CVE-2017-0769",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0769"
},
{
"name": "CVE-2017-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0799"
},
{
"name": "CVE-2017-0794",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0794"
},
{
"name": "CVE-2017-9724",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9724"
},
{
"name": "CVE-2017-5897",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5897"
},
{
"name": "CVE-2017-9677",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9677"
},
{
"name": "CVE-2017-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0778"
},
{
"name": "CVE-2017-11002",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11002"
},
{
"name": "CVE-2017-0790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0790"
},
{
"name": "CVE-2017-8281",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8281"
},
{
"name": "CVE-2017-0757",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0757"
},
{
"name": "CVE-2017-11040",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11040"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2017-0763",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0763"
},
{
"name": "CVE-2017-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8277"
},
{
"name": "CVE-2017-0765",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0765"
},
{
"name": "CVE-2017-8278",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8278"
},
{
"name": "CVE-2017-9725",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9725"
},
{
"name": "CVE-2017-0791",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0791"
},
{
"name": "CVE-2017-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0797"
},
{
"name": "CVE-2017-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0767"
},
{
"name": "CVE-2017-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0775"
},
{
"name": "CVE-2017-0770",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0770"
},
{
"name": "CVE-2017-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0762"
}
],
"initial_release_date": "2017-09-06T00:00:00",
"last_revision_date": "2017-09-06T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-283",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 05 septembre 2017",
"url": "https://source.android.com/security/bulletin/2017-09-01"
}
]
}
CVE-2017-8278 (GCVE-0-2017-8278)
Vulnerability from cvelistv5 – Published: 2017-09-21 15:00 – Updated: 2024-08-05 16:34
VLAI
EPSS
Summary
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100658 | vdb-entryx_refsource_BID |
Date Public
2017-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8278",
"datePublished": "2017-09-21T15:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8280 (GCVE-0-2017-8280)
Vulnerability from cvelistv5 – Published: 2017-09-21 15:00 – Updated: 2024-08-05 16:34
VLAI
EPSS
Summary
In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100658 | vdb-entryx_refsource_BID |
Date Public
2017-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8280",
"datePublished": "2017-09-21T15:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8281 (GCVE-0-2017-8281)
Vulnerability from cvelistv5 – Published: 2017-09-21 15:00 – Updated: 2024-08-05 16:34
VLAI
EPSS
Summary
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| https://source.android.com/security/bulletin/pixe… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100658 | vdb-entryx_refsource_BID |
Date Public
2017-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-05T19:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
},
{
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-8281",
"datePublished": "2017-09-21T15:00:00.000Z",
"dateReserved": "2017-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:34:22.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8890 (GCVE-0-2017-8890)
Vulnerability from cvelistv5 – Published: 2017-05-10 16:00 – Updated: 2024-08-05 16:48
VLAI
EPSS
Summary
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98562 | vdb-entryx_refsource_BID |
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:2669 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1854 | vendor-advisoryx_refsource_REDHAT |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_CONFIRM |
| https://github.com/torvalds/linux/commit/657831ff… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:2077 | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2017/dsa-3886 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2017:1842 | vendor-advisoryx_refsource_REDHAT |
Date Public
2017-05-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "RHSA-2017:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"name": "RHSA-2017:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "DSA-3886",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"name": "RHSA-2017:1842",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "RHSA-2017:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"name": "RHSA-2017:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "DSA-3886",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"name": "RHSA-2017:1842",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98562"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"name": "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "DSA-3886",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8890",
"datePublished": "2017-05-10T16:00:00.000Z",
"dateReserved": "2017-05-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:48:22.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9076 (GCVE-0-2017-9076)
Vulnerability from cvelistv5 – Published: 2017-05-19 06:25 – Updated: 2024-08-05 16:55
VLAI
EPSS
Summary
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_CONFIRM |
| https://patchwork.ozlabs.org/patch/760370/ | x_refsource_CONFIRM |
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/98586 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2017:2669 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1854 | vendor-advisoryx_refsource_REDHAT |
| https://github.com/torvalds/linux/commit/83eaddab… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2017:2077 | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2017/dsa-3886 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2017:1842 | vendor-advisoryx_refsource_REDHAT |
Date Public
2017-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://patchwork.ozlabs.org/patch/760370/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "98586",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98586"
},
{
"name": "RHSA-2017:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52"
},
{
"name": "RHSA-2017:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "DSA-3886",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"name": "RHSA-2017:1842",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://patchwork.ozlabs.org/patch/760370/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "98586",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98586"
},
{
"name": "RHSA-2017:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52"
},
{
"name": "RHSA-2017:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "DSA-3886",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"name": "RHSA-2017:1842",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52"
},
{
"name": "https://patchwork.ozlabs.org/patch/760370/",
"refsource": "CONFIRM",
"url": "https://patchwork.ozlabs.org/patch/760370/"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "98586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98586"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/83eaddab4378db256d00d295bda6ca997cd13a52"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "DSA-3886",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9076",
"datePublished": "2017-05-19T06:25:00.000Z",
"dateReserved": "2017-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:55:22.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9150 (GCVE-0-2017-9150)
Vulnerability from cvelistv5 – Published: 2017-05-22 22:00 – Updated: 2024-08-05 16:55
VLAI
EPSS
Summary
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/42048/ | exploitx_refsource_EXPLOIT-DB |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_MISC |
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| https://github.com/torvalds/linux/commit/0d0e5769… | x_refsource_MISC |
| http://www.securityfocus.com/bid/98635 | vdb-entryx_refsource_BID |
| https://bugs.chromium.org/p/project-zero/issues/d… | x_refsource_MISC |
| http://www.kernel.org/pub/linux/kernel/v4.x/Chang… | x_refsource_MISC |
Date Public
2017-05-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42048",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42048/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07"
},
{
"name": "98635",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98635"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1251"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-08T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42048",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42048/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07"
},
{
"name": "98635",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98635"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1251"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42048",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42048/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07"
},
{
"name": "98635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98635"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1251",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1251"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1",
"refsource": "MISC",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9150",
"datePublished": "2017-05-22T22:00:00.000Z",
"dateReserved": "2017-05-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:55:22.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9676 (GCVE-0-2017-9676)
Vulnerability from cvelistv5 – Published: 2017-09-21 15:00 – Updated: 2024-08-05 17:18
VLAI
EPSS
Summary
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100658 | vdb-entryx_refsource_BID |
Date Public
2017-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-9676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-9676",
"datePublished": "2017-09-21T15:00:00.000Z",
"dateReserved": "2017-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:01.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9677 (GCVE-0-2017-9677)
Vulnerability from cvelistv5 – Published: 2017-09-21 15:00 – Updated: 2024-08-05 17:18
VLAI
EPSS
Summary
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100658 | vdb-entryx_refsource_BID |
Date Public
2017-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable \"ddp-\u003eparams_length\" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If \"ddp-\u003eparams_length\" is set to a big number, a buffer overflow will occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-9677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable \"ddp-\u003eparams_length\" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If \"ddp-\u003eparams_length\" is set to a big number, a buffer overflow will occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-9677",
"datePublished": "2017-09-21T15:00:00.000Z",
"dateReserved": "2017-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:01.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9720 (GCVE-0-2017-9720)
Vulnerability from cvelistv5 – Published: 2017-09-21 15:00 – Updated: 2024-08-05 17:18
VLAI
EPSS
Summary
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100658 | vdb-entryx_refsource_BID |
Date Public
2017-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-9720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-9720",
"datePublished": "2017-09-21T15:00:00.000Z",
"dateReserved": "2017-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:01.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9724 (GCVE-0-2017-9724)
Vulnerability from cvelistv5 – Published: 2017-09-21 15:00 – Updated: 2024-08-05 17:18
VLAI
EPSS
Summary
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-09-01 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100658 | vdb-entryx_refsource_BID |
Date Public
2017-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:02.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-22T09:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-9724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2017-9724",
"datePublished": "2017-09-21T15:00:00.000Z",
"dateReserved": "2017-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:02.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…