VDB
CVE-2017-17762
CVE-2017-17762
PUBLISHED
CVSS 5 MEDIUM
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046.
EPSS 1.25% · 79.7th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
1.25%
79.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google Inc. | Android | Android kernel |
| episerver | episerver | 0, 7, 7 |
| n/a | n/a | * |
Exploit Intelligence
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- https://kryptera.se/sarbarhet-i-episerver/ (nist-nvd)
…and 99 more exploits
Timeline
- Feb 6, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 8, 2022 CrowdSec Sighting
- Mar 8, 2022 CrowdSec Sighting
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Jul 21, 2022 CrowdSec Sighting
- Sep 5, 2022 EPSS Score
- Nov 8, 2022 CrowdSec Sighting
References
- https://gist.github.com/jonaslejon/5f92779848360a1a1e676af0795bd9aa url
- https://kryptera.se/sarbarhet-i-episerver/ url
- https://source.android.com/security/bulletin/2018-02-01 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-17762 advisory
- https://kryptera.se/sarbarhet-i-episerver url
- DSA-4187 vendor-advisory
- https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9 url