CVE-2017-15856
Description
Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A race condition in the power stats debug file of the Qualcomm Linux kernel leads to a double free vulnerability.
Vulnerability
A race condition exists in the processing of the power stats debug file (/proc/power_stats) when reading status, resulting in a potential double free. This vulnerability affects Android releases from Code Aurora Forum (CAF) using the Linux kernel, including Android for MSM, Firefox OS for MSM, and QRD Android, before the security patch level of 2018-06-05 [1].
Exploitation
To exploit this vulnerability, an attacker must be able to trigger a race condition while reading the power stats debug file. This likely requires local access to the device and the ability to simultaneously read and write to the debug file, or to race the file operations. The exact steps are not detailed in the available references.
Impact
Successful exploitation of the double free condition can lead to memory corruption, potentially allowing an attacker to achieve arbitrary code execution or cause a system crash (denial of service). The impact is constrained to the kernel context.
Mitigation
The vulnerability is patched in the Android security patch level of 2018-06-05, as released in the Pixel/Nexus Security Bulletin of June 2018 [1]. Users should ensure their devices receive the latest security updates from their vendors.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: before security patch level 2018-06-05
- Range: before security patch level 2018-06-05
- Range: before security patch level 2018-06-05
- Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Androidv5Range: All Android releases from CAF using the Linux kernel
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- source.android.com/security/bulletin/pixel/2018-06-01mitrex_refsource_CONFIRM
- source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/mitrex_refsource_CONFIRM
- www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletinmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.