CVE-2017-18145
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
11/04/2018
Last modified:
11/05/2018
Description
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted after processing an event. When processing subsequent events, a Use After Condition will occur.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page