Sign-up

ID

VAR-201804-0516


CVE

CVE-2017-11011


TITLE

plural Qualcomm Run on product Android Uses freed memory vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013240

DESCRIPTION

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API. plural Qualcomm Run on product Android Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). The communication API is one of the communication APIs (Application Programming Interface). Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. The communication API in versions prior to Android 2018-04-05 has a reuse-after-free vulnerability. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 2.07

sources: NVD: CVE-2017-11011 // JVNDB: JVNDB-2017-013240 // BID: 103671 // VULHUB: VHN-101391 // VULMON: CVE-2017-11011

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel xlscope:eqversion:20

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:20

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:7

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:4

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:10

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 103671 // JVNDB: JVNDB-2017-013240 // CNNVD: CNNVD-201804-562 // NVD: CVE-2017-11011

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-11011
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-11011
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-562
value: CRITICAL

Trust: 0.6

VULHUB: VHN-101391
value: HIGH

Trust: 0.1

VULMON: CVE-2017-11011
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-11011
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-101391
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-11011
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-101391 // VULMON: CVE-2017-11011 // JVNDB: JVNDB-2017-013240 // CNNVD: CNNVD-201804-562 // NVD: CVE-2017-11011

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-101391 // JVNDB: JVNDB-2017-013240 // NVD: CVE-2017-11011

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-562

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-562

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013240

PATCH
title:Android のセキュリティに関する公開情報 - 2018 年 4 月url:https://source.android.com/security/bulletin/2018-04-01
Trust: 0.8
title:Android Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83324
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—April 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=068d787c35ce8cea494780f9a47b5827
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-11011 // 
            
            
            
            JVNDB: JVNDB-2017-013240 // 
            
            
            
            CNNVD: CNNVD-201804-562

EXTERNAL IDS
db:NVDid:CVE-2017-11011
Trust: 2.9
db:BIDid:103671
Trust: 1.5
db:JVNDBid:JVNDB-2017-013240
Trust: 0.8
db:CNNVDid:CNNVD-201804-562
Trust: 0.6
db:VULHUBid:VHN-101391
Trust: 0.1
db:VULMONid:CVE-2017-11011
Trust: 0.1
sources:
            
            
            VULHUB: VHN-101391 // 
            
            
            
            VULMON: CVE-2017-11011 // 
            
            
            
            BID: 103671 // 
            
            
            
            JVNDB: JVNDB-2017-013240 // 
            
            
            
            CNNVD: CNNVD-201804-562 // 
            
            
            
            NVD: CVE-2017-11011

REFERENCES
url:https://source.android.com/security/bulletin/2018-04-01
Trust: 2.1
url:http://www.securityfocus.com/bid/103671
Trust: 1.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11011
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-11011
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/416.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-04-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-101391 // 
            
            
            
            VULMON: CVE-2017-11011 // 
            
            
            
            BID: 103671 // 
            
            
            
            JVNDB: JVNDB-2017-013240 // 
            
            
            
            CNNVD: CNNVD-201804-562 // 
            
            
            
            NVD: CVE-2017-11011

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 103671

SOURCES
db:VULHUBid:VHN-101391
db:VULMONid:CVE-2017-11011
db:BIDid:103671
db:JVNDBid:JVNDB-2017-013240
db:CNNVDid:CNNVD-201804-562
db:NVDid:CVE-2017-11011

LAST UPDATE DATE
2024-11-23T21:39:21.403000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-101391date:2018-05-16T00:00:00
db:VULMONid:CVE-2017-11011date:2018-05-16T00:00:00
db:BIDid:103671date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2017-013240date:2018-06-08T00:00:00
db:CNNVDid:CNNVD-201804-562date:2018-04-12T00:00:00
db:NVDid:CVE-2017-11011date:2024-11-21T03:06:56.780

SOURCES RELEASE DATE
db:VULHUBid:VHN-101391date:2018-04-11T00:00:00
db:VULMONid:CVE-2017-11011date:2018-04-11T00:00:00
db:BIDid:103671date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2017-013240date:2018-06-08T00:00:00
db:CNNVDid:CNNVD-201804-562date:2018-04-12T00:00:00
db:NVDid:CVE-2017-11011date:2018-04-11T15:29:00.240