{"api_version":"1","generated_at":"2026-04-23T06:06:57+00:00","cve":"CVE-2017-9725","urls":{"html":"https://cve.report/CVE-2017-9725","api":"https://cve.report/api/cve/CVE-2017-9725.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-9725","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-9725"},"summary":{"title":"CVE-2017-9725","description":"In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.","state":"PUBLIC","assigner":"product-security@qualcomm.com","published_at":"2017-09-21 15:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-682"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/2017-09-01","name":"https://source.android.com/security/bulletin/2017-09-01","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Android Security Bulletin—September 2017  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2018:1130","name":"RHSA-2018:1130","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2018:0676","name":"RHSA-2018:0676","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/100658","name":"100658","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Google Android Qualcomm Components Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2018:1170","name":"RHSA-2018:1170","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2018:1062","name":"RHSA-2018:1062","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-9725","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9725","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"9725","vulnerable":"1","versionEndIncluding":"8.0","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-9725","qid":"670634","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-2392)"},{"cve":"CVE-2017-9725","qid":"671047","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-2588)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@qualcomm.com","ID":"CVE-2017-9725","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://source.android.com/security/bulletin/2017-09-01","refsource":"CONFIRM","url":"https://source.android.com/security/bulletin/2017-09-01"},{"name":"RHSA-2018:1062","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:1062"},{"name":"RHSA-2018:0676","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:0676"},{"name":"RHSA-2018:1170","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:1170"},{"name":"RHSA-2018:1130","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:1130"},{"name":"100658","refsource":"BID","url":"http://www.securityfocus.com/bid/100658"}]}},"nvd":{"publishedDate":"2017-09-21 15:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-682"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"9725","Ordinal":"106748","Title":"CVE-2017-9725","CVE":"CVE-2017-9725","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"9725","Ordinal":"1","NoteData":"In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"9725","Ordinal":"2","NoteData":"2017-09-21","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"9725","Ordinal":"3","NoteData":"2018-04-18","Type":"Other","Title":"Modified"}]}}}