CVE-2017-18145
high-risk
Published 2018-04-11
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted after processing an event. When processing subsequent events, a Use After Condition will occur.
Do I need to act?
-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (14)
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/103671
Vendor Advisory
https://source.android.com/security/bulletin/2018-04-01
Third Party Advisory
http://www.securityfocus.com/bid/103671
Vendor Advisory
https://source.android.com/security/bulletin/2018-04-01
51
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
18/34 · Moderate