Vulnerability Description
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100658Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:1130
- https://access.redhat.com/errata/RHSA-2018:1170
- https://source.android.com/security/bulletin/2017-09-01PatchVendor Advisory
- http://www.securityfocus.com/bid/100658Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:1130
- https://access.redhat.com/errata/RHSA-2018:1170
- https://source.android.com/security/bulletin/2017-09-01PatchVendor Advisory
FAQ
What is CVE-2017-9725?
CVE-2017-9725 is a vulnerability with a CVSS score of 7.8 (HIGH). In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed whe...
How severe is CVE-2017-9725?
CVE-2017-9725 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9725?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.