CVEs-PoC/2017/CVE-2017-8246.md

### [CVE-2017-8246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8246)
![](https://img.shields.io/static/v1?label=Product&message=Android%20for%20MSM%2C%20Firefox%20OS%20for%20MSM%2C%20QRD%20Android&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use-After-Free%20in%20ALSA%20PCM%20Playback%20Kernel%20Module%20(CVE-2017-8246)&color=brighgreen)

### Description

In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/thdusdl1219/CVE-Study