CVE-2017-8244 - OpenCVE

In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write).

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Google	Android

Configuration 1 [-]

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/98547	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/pixel/2017-12-01	Vendor Advisory
https://www.codeaurora.org/buffer-overflow-msmvidc-debugfs-driver-coreinforead-and-instinforead-cve-2017-8244	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: qualcomm

Published: 2017-05-12T20:00:00

Updated: 2017-12-05T19:57:01

Reserved: 2017-04-25T00:00:00

Link: CVE-2017-8244

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-05-12T20:29:00.313

Modified: 2020-11-09T14:27:19.047

Link: CVE-2017-8244

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "Android for MSM, Firefox OS for MSM, QRD Android", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "All Android releases from CAF using the Linux kernel"}]}], "datePublic": "2017-05-01T00:00:00", "descriptions": [{"lang": "en", "value": "In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable \"dbg_buf\", \"dbg_buf->curr\" and \"dbg_buf->filled_size\" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. \"buffer->curr\" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write)."}], "problemTypes": [{"descriptions": [{"description": "Buffer overflow in msm_vidc debugfs driver core_info_read and inst_info_read (CVE-2017-8244)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-05T19:57:01", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.codeaurora.org/buffer-overflow-msmvidc-debugfs-driver-coreinforead-and-instinforead-cve-2017-8244"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01"}, {"name": "98547", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98547"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2017-8244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android for MSM, Firefox OS for MSM, QRD Android", "version": {"version_data": [{"version_value": "All Android releases from CAF using the Linux kernel"}]}}]}, "vendor_name": "Qualcomm, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable \"dbg_buf\", \"dbg_buf->curr\" and \"dbg_buf->filled_size\" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. \"buffer->curr\" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer overflow in msm_vidc debugfs driver core_info_read and inst_info_read (CVE-2017-8244)"}]}]}, "references": {"reference_data": [{"name": "https://www.codeaurora.org/buffer-overflow-msmvidc-debugfs-driver-coreinforead-and-instinforead-cve-2017-8244", "refsource": "CONFIRM", "url": "https://www.codeaurora.org/buffer-overflow-msmvidc-debugfs-driver-coreinforead-and-instinforead-cve-2017-8244"}, {"name": "https://source.android.com/security/bulletin/pixel/2017-12-01", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-12-01"}, {"name": "98547", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98547"}]}}}}, "cveMetadata": {"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2017-8244", "datePublished": "2017-05-12T20:00:00", "dateReserved": "2017-04-25T00:00:00", "dateUpdated": "2017-12-05T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable \"dbg_buf\", \"dbg_buf->curr\" and \"dbg_buf->filled_size\" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. \"buffer->curr\" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write)."}, {"lang": "es", "value": "En la funci\u00f3n core_info_read e inst_info_read en todas las versiones de Android de CAF usando el kernel de Linux, las variables \"dbg_buf\", \"dbg_buf-)curr\" y \"dbg_buf-)filled_size\" pueden ser modificadas por diferentes hilos al mismo tiempo, pero no est\u00e1n protegidos con mutex o locks. Un desbordamiento de b\u00fafer es posible sobre condiciones de carrera. \"buffer-)curr\" en s\u00ed tambi\u00e9n podr\u00eda ser sobrescrita, lo que quiere decir que puede apuntar a cualquier parte de la memoria del kernel (para escritura)."}], "id": "CVE-2017-8244", "lastModified": "2020-11-09T14:27:19.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-12T20:29:00.313", "references": [{"source": "product-security@qualcomm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98547"}, {"source": "product-security@qualcomm.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/pixel/2017-12-01"}, {"source": "product-security@qualcomm.com", "tags": ["Broken Link"], "url": "https://www.codeaurora.org/buffer-overflow-msmvidc-debugfs-driver-coreinforead-and-instinforead-cve-2017-8244"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}