CVE-2017-18297 — Double Free in INC Snapdragon Mobile

CWE-415 — Double Free3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 86.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Mobile Google Android

Timeline

PublishedOct 23

Latest updateMay 14

Description

Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5qualcomm_inc/snapdragon_mobileSD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-m528-9cvr-fx99: Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820↗2022-05-14

▶

📋Vendor Advisories

Android

CVE-2017-18297: Closed-source component↗2018-08-01

▶