CVE-2017-0861

Published: Nov 16, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.

Affected (1)

Products: Google: Android

Google

1 product

Android

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (44)

http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html

Source: security@android.com

http://www.securityfocus.com/bid/102329

Source: security@android.com

https://access.redhat.com/errata/RHSA-2018:2390

Source: security@android.com

https://access.redhat.com/errata/RHSA-2018:3083

Source: security@android.com

https://access.redhat.com/errata/RHSA-2018:3096

Source: security@android.com

https://access.redhat.com/errata/RHSA-2020:0036

Source: security@android.com

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229

Source: security@android.com

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Source: security@android.com

https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html

Source: security@android.com

https://security-tracker.debian.org/tracker/CVE-2017-0861

Source: security@android.com

https://source.android.com/security/bulletin/pixel/2017-11-01

Source: security@android.com

PatchVendor Advisory

https://usn.ubuntu.com/3583-1/

Source: security@android.com

https://usn.ubuntu.com/3583-2/

Source: security@android.com

https://usn.ubuntu.com/3617-1/

Source: security@android.com

https://usn.ubuntu.com/3617-2/

Source: security@android.com

https://usn.ubuntu.com/3617-3/

Source: security@android.com

https://usn.ubuntu.com/3619-1/

Source: security@android.com

https://usn.ubuntu.com/3619-2/

Source: security@android.com

https://usn.ubuntu.com/3632-1/

Source: security@android.com

https://www.debian.org/security/2018/dsa-4187

Source: security@android.com

https://www.oracle.com/security-alerts/cpujul2020.html

Source: security@android.com

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: security@android.com

http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html