VDB-111455 · CVE-2017-14915 · BID 102386

Google Android Qualcomm Component use after free

A vulnerability was found in Google Android (Smartphone Operating System) (unknown version). It has been rated as very critical. This issue affects an unknown functionality of the component Qualcomm Component. Applying a patch is able to eliminate this problem. A possible mitigation has been published 3 days after the disclosure of the vulnerability.

Field01/07/2018 11:30 AM12/20/2019 09:31 AM
typeSmartphone Operating SystemSmartphone Operating System
vendorGoogleGoogle
nameAndroidAndroid
componentQualcomm ComponentQualcomm Component
cwe416 (memory corruption)416 (memory corruption)
risk22
historic00
cvss2_vuldb_basescore10.010.0
cvss2_vuldb_tempscore8.78.7
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciCC
cvss2_nvd_iiCC
cvss2_nvd_aiCC
cvss3_meta_basescore9.89.8
cvss3_meta_tempscore9.49.4
cvss3_vuldb_basescore9.89.8
cvss3_vuldb_tempscore9.49.4
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
date1514851200 (01/02/2018)1514851200 (01/02/2018)
locationWebsiteWebsite
typeSecurity BulletinSecurity Bulletin
urlhttps://source.android.com/security/bulletin/2018-01-01https://source.android.com/security/bulletin/2018-01-01
identifierAndroid Security Bulletin - January 2018Android Security Bulletin - January 2018
disputed00
price_0day$100k and more$100k and more
price_trend++
namePatchPatch
date1515110400 (01/05/2018)1515110400 (01/05/2018)
cveCVE-2017-14915CVE-2017-14915
cve_nvd_published15223680001522368000
cve_nvd_summaryIn Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.
securityfocus102386102386
securityfocus_titleGoogle Android Multiple Qualcomm Components Multiple Unspecified Security VulnerabilitiesGoogle Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities
sectracker10401061040106
sectracker_date1515110400 (01/05/2018)1515110400 (01/05/2018)
sectracker_causeNot specifiedNot specified
seealso111420 111421 111439 111438 111437 111436 111435 111434 111433 111432 111431 111430 111429 111428 111427 111426 111425 111424 111423 111422 111440 111441 111442 111443 111444 111445 111446 111447 111448 111449111420 111421 111439 111438 111437 111436 111435 111434 111433 111432 111431 111430 111429 111428 111427 111426 111425 111424 111423 111422 111440 111441 111442 111443 111444 111445 111446 111447 111448 111449
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
reaction_days33
exposure_days33
cvss3_nvd_basescore9.89.8
discoverydate1517184000
confirm_urlhttps://source.android.com/security/bulletin/2018-01-01
cve_assigned1506556800
securityfocus_date1514851200 (01/02/2018)
securityfocus_classUnknown

Interested in the pricing of exploits?

See the underground prices here!