nvd-json-data-feeds/CVE-2017/CVE-2017-97xx/CVE-2017-9725.json

{
  "id": "CVE-2017-9725",
  "sourceIdentifier": "product-security@qualcomm.com",
  "published": "2017-09-21T15:29:00.977",
  "lastModified": "2024-11-21T03:36:42.583",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail."
    },
    {
      "lang": "es",
      "value": "En todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux, durante la asignaci\u00f3n de DMA, el tama\u00f1o de asignaci\u00f3n se trunca, lo que permite que la asignaci\u00f3n sea un \u00e9xito cuando deber\u00eda fallar. Esto se debe a un tipo de tama\u00f1o de datos err\u00f3neo."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "baseScore": 9.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-682"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "8.0",
              "matchCriteriaId": "EFB2D835-93F5-428E-A606-2DA253C97EB6"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/100658",
      "source": "product-security@qualcomm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2018:0676",
      "source": "product-security@qualcomm.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2018:1062",
      "source": "product-security@qualcomm.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2018:1130",
      "source": "product-security@qualcomm.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2018:1170",
      "source": "product-security@qualcomm.com"
    },
    {
      "url": "https://source.android.com/security/bulletin/2017-09-01",
      "source": "product-security@qualcomm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/100658",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2018:0676",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2018:1062",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2018:1130",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2018:1170",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://source.android.com/security/bulletin/2017-09-01",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}