Use-After-Free in ALSA PCM Playback Kernel Module (CVE-2017-8246)

Release Date: 
May 1, 2017
Advisory ID: 

The following security vulnerabilities have been identified:


In function msm_pcm_playback_close(), prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.

Access Vector: Local
Security Risk: Medium
Vulnerability: CWE-416 Use After Free

Affected Versions:
All Android releases from CAF using the Linux kernel.


Qualcomm Innovation Center, Inc. (QuIC) thanks Seven Shen from the Trend Micro Mobile Threat Research Team for bringing this issue to QuIC’s attention. 


Initial revision