There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.
Conclusion & alert: CVE-2017-9691 is rated Low Risk (19.9/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.13%).Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2017-9691
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).