CVE-2017-13183 — Race Condition in INC Android

CWE-362 — Race Condition4 documents4 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 90.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google INC Android Google Android

Timeline

PublishedJan 12

Latest updateMay 14

Description

In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶NVDgoogle/android8.1

▶CVEListV5google_inc/android8.1

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-w74h-mhgg-jvc9: In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buf↗2022-05-14

▶

CVEList

CVE-2017-13183: In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buf↗2018-01-12

▶

📋Vendor Advisories

Android

CVE-2017-13183: Android Security Bulletin 2018-01-01 CVE: CVE-2017-13183 Severity: HIGH Type: EoP Affected AOSP versions: 8↗2018-01-01

▶