CVE-2017-8244
Summary
| CVE | CVE-2017-8244 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-05-12 20:29:00 UTC |
| Updated | 2020-11-09 14:27:00 UTC |
| Description | In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). |
Risk And Classification
Problem Types: CWE-362
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Linux Kernel CVE-2017-8244 Multiple Local Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Page not found - Code Aurora | CONFIRM | www.codeaurora.org | Broken Link |
| Pixel / Nexus Security Bulletin—December 2017 | Android Open Source Project | CONFIRM | source.android.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.