Use after free vulnerability during IPA routing commit logic (CVE-2017-0525)

Release Date: May 1, 2017
Advisory ID: QCIR-2017-00030-1
Summary: 

The following security vulnerabilities have been identified:

 
CVE-2017-0525

While processing the IOCTL for IPA routing, there is no protection against multiple IPA header deletions from a user application. If a user application deletes a header multiple times and that header is being used by a routing rule, a use after free occurs.

Access Vector: Local
Security Risk: Medium
Vulnerability: CWE-416 Use After Free
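
The condition described above, as an added example that is not QuIC's driver code: a simplified C model of a header shared between its user-space owner and a routing rule, with an unprotected delete beside one way to guard it. It assumes the header is reference-counted (one reference for the user's add, one per routing rule); all names are hypothetical, and the `freed` flag stands in for the real free so the model is safe to run.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not the driver's. */
struct hdr_entry {
    int  ref_cnt;      /* 1 for the user's add, +1 per routing rule using it */
    bool user_deleted; /* set once user space has dropped its own reference */
    bool freed;        /* stands in for kfree() so the model stays memory-safe */
};

/* Unprotected: every delete request from user space drops a reference. */
static int hdr_del_unguarded(struct hdr_entry *h)
{
    if (--h->ref_cnt == 0)
        h->freed = true;
    return 0;
}

/* Guarded: user space may drop its reference once; repeats are rejected. */
static int hdr_del_guarded(struct hdr_entry *h, bool by_user)
{
    if (by_user) {
        if (h->user_deleted)
            return -EINVAL;
        h->user_deleted = true;
    }
    if (--h->ref_cnt == 0)
        h->freed = true;
    return 0;
}

/* Two user deletes while a routing rule still uses the header: freed under it? */
static bool freed_under_rule(bool guarded)
{
    struct hdr_entry h = { .ref_cnt = 1 };  /* user's add */
    h.ref_cnt++;                            /* routing rule takes a reference */
    for (int i = 0; i < 2; i++)
        if (guarded) hdr_del_guarded(&h, true);
        else hdr_del_unguarded(&h);
    return h.freed;                         /* the rule never released its reference */
}

int main(void)
{
    printf("unguarded=%d guarded=%d\n", freed_under_rule(false), freed_under_rule(true));
    return 0;
}
```

In the guarded form the second user delete returns -EINVAL and the routing rule's reference stays intact until the rule itself releases it.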

Affected Versions:
All Android releases from CAF using the Linux kernel.

Acknowledgement: 

This issue was reported to Google by an external security researcher. Qualcomm Innovation Center, Inc. (QuIC) thanks Google for bringing this issue to QuIC's attention.

Revisions: 

Initial revision

Contact: 
security-advisory@quicinc.com