CVE-2017-9677
Description
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable ddp->params_length could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If ddp->params_length is set to a big number, a buffer overflow will occur.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.045
Associated Vulnerability
No records foundPatch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234