VYPR
Unrated severity · NVD Advisory · Published Mar 30, 2018 · Updated Sep 16, 2024

CVE-2017-14877

Description

While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands, there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free in the IPA driver on MSM platforms allows an unprivileged local attacker to execute arbitrary code in the kernel.

Vulnerability

The vulnerability resides in the IPA (IP Accelerator) driver used in Android for MSM, Firefox OS for MSM, and QRD Android. While the driver processes IOCTL commands, there is no mutex lock protecting the allocated memory. Affected builds are those before 2017-08-31. Specifically, if one thread sends an IPA_IOC_QUERY_RT_TBL_INDEX ioctl command while another thread sends IPA_IOC_DEL_RT_RULE, a race condition leads to a use-after-free condition [1].

Exploitation

To exploit this vulnerability, an attacker must first gain local access to the device and be able to execute code that can send the two specific IOCTL commands concurrently. The attacker needs no special privileges beyond normal user access. By racing the query and delete operations, the attacker can trigger the use-after-free, allowing the freed memory to be reused by a different object [1].

Impact

Successful exploitation results in arbitrary code execution with kernel privileges, leading to full compromise of the device's security. The CIA impact is high: confidentiality, integrity, and availability can all be compromised [1].

Mitigation

The vulnerability was addressed in the Android security bulletin for February 2018. Devices that have received the 2018-02-01 security patch level are protected. The fix adds proper mutex locking to the IPA driver's IOCTL handling code [1]. The CVE is not known to be listed in CISA's KEV.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
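The locking discipline named under Mitigation, as an added user-space C model that is not the IPA driver's code: the query path and the delete path take the same mutex, and the query copies the index out before releasing it. All names here (`rt_tbl`, `tbl_lock`, `tbl_query_index`, `tbl_del`) are hypothetical, and the table is assumed to be a simple linked list.

```c
/* User-space model of the fix pattern; every name here is hypothetical. */
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

struct rt_tbl { char name[32]; int idx; struct rt_tbl *next; };
static struct rt_tbl *tbl_head;
static pthread_mutex_t tbl_lock = PTHREAD_MUTEX_INITIALIZER;

int tbl_add(const char *name, int idx)
{
    struct rt_tbl *t = calloc(1, sizeof(*t));
    if (!t) return -1;
    strncpy(t->name, name, sizeof(t->name) - 1);  /* calloc keeps the NUL */
    t->idx = idx;
    pthread_mutex_lock(&tbl_lock);
    t->next = tbl_head;
    tbl_head = t;
    pthread_mutex_unlock(&tbl_lock);
    return 0;
}

/* Query path: the lookup AND the read of t->idx happen under the lock,
 * so a concurrent delete cannot free t between the two steps. */
int tbl_query_index(const char *name)
{
    int idx = -1;
    pthread_mutex_lock(&tbl_lock);
    for (struct rt_tbl *t = tbl_head; t; t = t->next)
        if (strcmp(t->name, name) == 0) { idx = t->idx; break; }
    pthread_mutex_unlock(&tbl_lock);
    return idx;  /* caller receives a copy, never a pointer into the table */
}

/* Delete path: unlink and free under the same lock the query path takes. */
int tbl_del(const char *name)
{
    int ret = -1;
    pthread_mutex_lock(&tbl_lock);
    for (struct rt_tbl **pp = &tbl_head; *pp; pp = &(*pp)->next)
        if (strcmp((*pp)->name, name) == 0) {
            struct rt_tbl *victim = *pp;
            *pp = victim->next;
            free(victim);
            ret = 0;
            break;
        }
    pthread_mutex_unlock(&tbl_lock);
    return ret;
}
```

When reviewing a driver for this bug class, check that every handler touching the shared table takes the lock and that no handler keeps a pointer to an entry after releasing it.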

Affected products

4

References

2
