VDB

CVE-2017-13216

CVE-2017-13216 PUBLISHED

In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.

EPSS 3.84% · 88.4th percentile

Risk Scores

EPSS Score
3.84%
88.4th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSlinux-raspi25.4.0-1004.4, 5.3.0-1007.8, 5.4.0-1006.6
Ubuntu:20.04:LTSlinux-riscv5.4.0-31.35, 5.4.0-33.37, 5.4.0-34.38
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1074.77+cvm1.1, 5.4.0-1073.76+cvm1.1, 5.4.0-1070.73+cvm1.1
Ubuntu:Pro:FIPS:16.04:LTSlinux-fips4.4.0-1005.5, 4.4.0-1006.6, 0
Ubuntu:24.04:LTSlinux-raspi-realtime6.8.0-2019.20, 0
Ubuntu:22.04:LTSlinux-intel-iot-realtime5.15.0-1073.75, 0
Ubuntu:22.04:LTSlinux-riscv5.15.0-1028.32, 5.15.0-1026.30, 5.15.0-1016.18
Ubuntu:20.04:LTSlinux-gke5.4.0-1035.37, 5.4.0-1044.46, 5.4.0-1080.86
Ubuntu:22.04:LTSlinux-realtime5.15.0-1032.35, 0

Exploit Intelligence

…and 2 more exploits

Timeline

  • Jan 3, 2018 CVE Published
  • Jan 8, 2018 PoC Published
  • Jan 9, 2018 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›