CVE-2017-15843 : Security Advisory and Response

Learn about CVE-2017-15843, a double free vulnerability in Android for MSM, Firefox OS for MSM, and QRD Android by Qualcomm. Find out the impact, affected systems, exploitation mechanism, and mitigation steps.

Android for MSM, Firefox OS for MSM, and QRD Android devices by Qualcomm are affected by a double free vulnerability in the Linux kernel.

Understanding CVE-2017-15843

What is CVE-2017-15843?

CVE-2017-15843 is a double free in the msm_bus_floor_vote_context() function, caused by a race condition in a bus driver, that affects various Qualcomm Android devices.

The Impact of CVE-2017-15843

An attacker could exploit the race condition in the bus driver to cause a double free, which may result in a denial of service or arbitrary code execution.

Technical Details of CVE-2017-15843

Vulnerability Description

The vulnerability arises from a race condition in a bus driver, causing a double free in the msm_bus_floor_vote_context() function within Android releases from CAF using the Linux kernel.
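
The bug class described above, reduced to a user-space C sketch (an added illustration, not the Qualcomm driver code or its patch): two callers read the same shared pointer before either clears it, so both release it, while the hardened variant detaches the pointer with an atomic exchange so only one caller can. `struct vote_ctx`, `counted_free` and the fixed interleaving are constructed for this example.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical context object; a stand-in, not the Qualcomm driver's type. */
struct vote_ctx { int floor; };

static int free_calls;                      /* release calls on the one object */
static struct vote_ctx *shared;             /* vulnerable: plain pointer, no lock */
static _Atomic(struct vote_ctx *) shared_a; /* hardened: detached atomically */

/* Stand-in for the real free: counts calls so a second one is observable. */
static void counted_free(struct vote_ctx *p) { (void)p; free_calls++; }

/* Vulnerable pattern: the read and the free-and-clear are separate steps. */
static void vuln_release(struct vote_ctx *seen) {
    if (seen) { counted_free(seen); shared = NULL; }
}

/* Constructed interleaving: caller B reads the pointer before A clears it. */
int simulate_vulnerable(void) {
    free_calls = 0;
    shared = malloc(sizeof *shared);
    struct vote_ctx *a = shared, *b = shared; /* both callers read first */
    vuln_release(a);                          /* caller A releases and clears */
    vuln_release(b);                          /* caller B: stale pointer, second release */
    free(a);                                  /* the one real free of the object */
    return free_calls;
}

/* Hardened pattern: swap in NULL atomically so one caller owns the object. */
static void hardened_release(void) {
    struct vote_ctx *p = atomic_exchange(&shared_a, (struct vote_ctx *)NULL);
    if (p) counted_free(p);
}

int simulate_hardened(void) {
    struct vote_ctx *obj = malloc(sizeof *obj);
    free_calls = 0;
    atomic_store(&shared_a, obj);
    hardened_release();                       /* caller A detaches and releases */
    hardened_release();                       /* caller B sees NULL, does nothing */
    free(obj);
    return free_calls;
}

int main(void) {
    printf("vulnerable: %d release calls, hardened: %d\n",
           simulate_vulnerable(), simulate_hardened());
    return 0;
}
```

In kernel code the same single-owner guarantee is usually obtained by holding a lock across both the read and the free.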

Affected Systems and Versions

        Products: Android for MSM, Firefox OS for MSM, QRD Android
        Vendor: Qualcomm, Inc.
        Versions: All Android releases from CAF using the Linux kernel

Exploitation Mechanism

The vulnerability can be exploited by leveraging the race condition in the bus driver to trigger a double free scenario, potentially leading to a denial of service or arbitrary code execution.

Mitigation and Prevention

Immediate Steps to Take

        Apply patches provided by Qualcomm promptly to address the vulnerability.
        Monitor Qualcomm's security bulletins for updates and advisories.

Long-Term Security Practices

        Regularly update the firmware and software on affected devices.
        Implement network segmentation and access controls to minimize the impact of potential attacks.

Patching and Updates

        Stay informed about security updates and patches released by Qualcomm for the affected products.
