Lucene search

[email protected]CVE-2017-18156

HistoryMay 06, 2019 - 11:29 p.m.

CVE-2017-18156

2019-05-0623:29:00

CWE-416

[email protected]

web.nvd.nist.gov

snapdragon

camera driver

cve-2017-18156

use after free

security vulnerability

nvd

mdm9206

mdm9607

mdm9650

msm8996au

sd 210

sd 212

sd 205

sd 625

sd 820

sd 820a

sd 835

sdx20

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.

Affected configurations

NVD

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9650_firmwareMatch-

AND

qualcommmdm9650Match-

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommsd_210_firmwareMatch-

AND

qualcommsd_210Match-

Node

qualcommsd_212_firmwareMatch-

AND

qualcommsd_212Match-

Node

qualcommsd_205_firmwareMatch-

AND

qualcommsd_205Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_820_firmwareMatch-

AND

qualcommsd_820Match-

Node

qualcommsd_820a_firmwareMatch-

AND

qualcommsd_820aMatch-

Node

qualcommsd_835_firmwareMatch-

AND

qualcommsd_835Match-

Node

qualcommsdx20_firmwareMatch-

AND

qualcommsdx20Match-

CPENameOperatorVersion
qualcomm:mdm9206_firmwarequalcomm mdm9206 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9206_firmware	qualcomm mdm9206 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
    "vendor": "Qualcomm Technologies, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9206"
      },
      {
        "status": "affected",
        "version": "MDM9607"
      },
      {
        "status": "affected",
        "version": "MDM9650"
      },
      {
        "status": "affected",
        "version": "MSM8996AU"
      },
      {
        "status": "affected",
        "version": "SD 210/SD 212/SD 205"
      },
      {
        "status": "affected",
        "version": "SD 625"
      },
      {
        "status": "affected",
        "version": "SD 820"
      },
      {
        "status": "affected",
        "version": "SD 820A"
      },
      {
        "status": "affected",
        "version": "SD 835"
      },
      {
        "status": "affected",
        "version": "SDX20"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2017-18156

prion1 cvelist1 nvd1