Unprotected Access to Global Variable in Qualcomm Android and Firefox OS

Unprotected Access to Global Variable in Qualcomm Android and Firefox OS

CVE-2017-14880 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule" does not have a mutex lock and thus can be accessed and modified by multiple threads.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.