Vulnerability Name:

CVE-2017-14918

Assigned:2017-09-28
Published:2017-12-04
Updated:2017-12-07
Summary:In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:
References:Source: BID
Type: UNKNOWN
102072

Source: XF
Type: UNKNOWN
android-cve201714918-unspecified(135978)

Source: CONFIRM
Type: UNKNOWN
https://source.android.com/security/bulletin/2017-12-01

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:google:android_api:1.0:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    BACK