Vulnerability Name:

CVE-2017-18169 (CCN-145241)

Assigned:2018-06-04
Published:2018-06-04
Updated:2019-10-03
Summary:User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-617
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Google Web site
Android

Source: MITRE
Type: CNA
CVE-2017-18169

Source: XF
Type: UNKNOWN
codeaurora-cve201718169-dos(145241)

Source: CCN
Type: Code Aurora Security Bulletin June 2018
Code Aurora

Source: MISC
Type: Patch, Third Party Advisory
https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin

Vulnerable Configuration:Configuration 1:
  • cpe:/o:google:android:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.artful:def:201718169000
    V
    		CVE-2017-18169 on Ubuntu 17.10 (artful) - low.
    2018-06-15
    oval:com.ubuntu.bionic:def:2017181690000000
    V
    		CVE-2017-18169 on Ubuntu 18.04 LTS (bionic) - low.
    2018-06-15
    oval:com.ubuntu.bionic:def:201718169000
    V
    		CVE-2017-18169 on Ubuntu 18.04 LTS (bionic) - low.
    2018-06-15
    oval:com.ubuntu.xenial:def:2017181690000000
    V
    		CVE-2017-18169 on Ubuntu 16.04 LTS (xenial) - low.
    2018-06-15
    oval:com.ubuntu.trusty:def:201718169000
    V
    		CVE-2017-18169 on Ubuntu 14.04 LTS (trusty) - low.
    2018-06-15
    oval:com.ubuntu.xenial:def:201718169000
    V
    		CVE-2017-18169 on Ubuntu 16.04 LTS (xenial) - low.
    2018-06-15
    BACK
    google android -
    codeaurora android-msm 2.6.29