CVE-2017-8246

Published: May 12, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.

Affected (1)

Products: Google: Android

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

https://source.android.com/security/bulletin/2017-07-01

Source: product-security@qualcomm.com

Vendor Advisory

https://www.codeaurora.org/use-after-free-alsa-pcm-playback-kernel-module-cve-2017-8246

Source: product-security@qualcomm.com

Broken Link

https://source.android.com/security/bulletin/2017-07-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.codeaurora.org/use-after-free-alsa-pcm-playback-kernel-module-cve-2017-8246

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.