Use after free vulnerability during IPA routing commit logic (CVE-2017-0525)

Release Date:

May 1, 2017

Affected Projects:

Android for MSMFirefox OS for MSMQRD Android

Advisory ID:

QCIR-2017-00030-1

CVE ID(s):

CVE-2017-0525

Summary:

The following security vulnerabilities have been identified: CVE-2017-0525 While processing IOCTL for IPA routing, there is no protection against multiple IPA header deletions from user application. If user application deletes header multiple times and that header is being used by a routing rule, a use after free occurs.

Access Vector: Local
Security Risk: Medium
Access Vector: Local

Affected Versions:

All Android releases from CAF using the Linux kernel

Patch:

We advise customers to apply the following patches:

Individual Patches

CVE-2017-0525:

Acknowledgement:

This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com