{
  "threat_severity" : "Moderate",
  "public_date" : "2015-10-12T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Incorrect type conversion for size during dma allocation",
    "id" : "1489088",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1489088"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-681",
  "details" : [ "In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.", "A flaw was found where the kernel truncated the value used to indicate the size of a buffer, which it would later zero out using the untruncated value. This can corrupt memory outside of the original allocation." ],
  "statement" : "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-04-10T00:00:00Z",
    "advisory" : "RHSA-2018:0676",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-862.rt56.804.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-04-10T00:00:00Z",
    "advisory" : "RHSA-2018:1062",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-862.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Extended Update Support",
    "release_date" : "2018-04-17T00:00:00Z",
    "advisory" : "RHSA-2018:1130",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.4",
    "package" : "kernel-0:3.10.0-693.25.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2018-04-17T00:00:00Z",
    "advisory" : "RHSA-2018:1170",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-693.25.2.rt56.612.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-alt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-9725\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9725\nhttps://source.android.com/security/bulletin/2017-09-01" ],
  "name" : "CVE-2017-9725",
  "csaw" : false
}