First published: Tue Jan 02 2018(Updated: )
In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Qualcomm SD 625 Firmware | ||
Qualcomm Snapdragon 625 | ||
Qualcomm SD650 Firmware | ||
Qualcomm Snapdragon 650 | ||
Qualcomm SD652 Firmware | ||
Qualcomm SD652 Firmware | ||
Qualcomm SD835 Firmware | ||
Qualcomm Snapdragon 835 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-14915 is classified as a critical vulnerability due to its potential to allow unauthorized access and exploitation of the affected devices.
To mitigate CVE-2017-14915, update the Qualcomm firmware to the latest version released after January 5, 2018.
CVE-2017-14915 affects Qualcomm Snapdragon SD 625, SD 650/52, and SD 835 devices running Android before January 5, 2018.
CVE-2017-14915 is a use-after-free vulnerability that can occur when accessing SPCOM functions with a compromised client structure.
If unable to update, it is advised to minimize exposure and avoid using sensitive data on affected devices until a fix is applied.