CVE-2017-9676

In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.

CVSS v3 4.7 MEDIUM
CVSS v2.0 2.6 LOW

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/100658	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2017-09-01	Patch Vendor Advisory
http://www.securityfocus.com/bid/100658	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2017-09-01	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:36

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/100658 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/100658 - Third Party Advisory, VDB Entry
References	~~() https://source.android.com/security/bulletin/2017-09-01 - Patch, Vendor Advisory~~	() https://source.android.com/security/bulletin/2017-09-01 - Patch, Vendor Advisory

Information

Published : 2017-09-21 15:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-9676

Mitre link : CVE-2017-9676

CVE.ORG link : CVE-2017-9676

JSON object : View

Products Affected

google

android

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416

Use After Free

{"id": "CVE-2017-9676", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2017-09-21T15:29:00.837", "references": [{"url": "http://www.securityfocus.com/bid/100658", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@qualcomm.com"}, {"url": "https://source.android.com/security/bulletin/2017-09-01", "tags": ["Patch", "Vendor Advisory"], "source": "product-security@qualcomm.com"}, {"url": "http://www.securityfocus.com/bid/100658", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://source.android.com/security/bulletin/2017-09-01", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock."}, {"lang": "es", "value": "Podr\u00edan darse situaciones en las que se use memoria previamente liberada y condiciones de carrera al acceder a variables est\u00e1ticas globales sin emplear un lock en todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFB2D835-93F5-428E-A606-2DA253C97EB6", "versionEndIncluding": "8.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@qualcomm.com"}

4.7 /10

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-9676

4.7^/10

2.6^/10

Attach tags to `CVE-2017-9676`