Lucene search

QualcommCVE-2017-18302

HistorySep 20, 2018 - 1:29 p.m.

CVE-2017-18302

2018-09-2013:29:00

CWE-362

qualcomm

web.nvd.nist.gov

cve-2017-18302

snapdragon

automobile

mobile

msm8996au

sd425

sd427

sd430

sd435

sd450

sd625

sd650

sd652

sd820

sd835

sda660

sdm429

sdm439

sdm630

sdm632

sdm636

sdm660

security vulnerability

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:C/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.

Affected configurations

Nvd

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommsd425_firmwareMatch-

AND

qualcommsd425Match-

Node

qualcommsd427_firmwareMatch-

AND

qualcommsd427Match-

Node

qualcommsd430_firmwareMatch-

AND

qualcommsd430Match-

Node

qualcommsd435_firmwareMatch-

AND

qualcommsd435Match-

Node

qualcommsd450_firmwareMatch-

AND

qualcommsd450Match-

Node

qualcommsd625_firmwareMatch-

AND

qualcommsd625Match-

Node

qualcommsd650_firmwareMatch-

AND

qualcommsd650Match-

Node

qualcommsd652_firmwareMatch-

AND

qualcommsd652Match-

Node

qualcommsd820_firmwareMatch-

AND

qualcommsd820Match-

Node

qualcommsd820a_firmwareMatch-

AND

qualcommsd820aMatch-

Node

qualcommsd835_firmwareMatch-

AND

qualcommsd835Match-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

Node

qualcommsdm429_firmwareMatch-

AND

qualcommsdm429Match-

Node

qualcommsdm439_firmwareMatch-

AND

qualcommsdm439Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm632_firmwareMatch-

AND

qualcommsdm632Match-

Node

qualcommsdm636_firmwareMatch-

AND

qualcommsdm636Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

VendorProductVersionCPE
qualcommmsm8996au_firmware-cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
qualcommmsm8996au-cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
qualcommsd425_firmware-cpe:2.3:o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:*
qualcommsd425-cpe:2.3:h:qualcomm:sd425:-:*:*:*:*:*:*:*
qualcommsd427_firmware-cpe:2.3:o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:*
qualcommsd427-cpe:2.3:h:qualcomm:sd427:-:*:*:*:*:*:*:*
qualcommsd430_firmware-cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
qualcommsd430-cpe:2.3:h:qualcomm:sd430:-:*:*:*:*:*:*:*
qualcommsd435_firmware-cpe:2.3:o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:*
qualcommsd435-cpe:2.3:h:qualcomm:sd435:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	msm8996au_firmware	-	cpe:2.3:o:qualcomm:msm8996au_firmware:-:::::::*
qualcomm	msm8996au	-	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
qualcomm	sd425_firmware	-	cpe:2.3:o:qualcomm:sd425_firmware:-:::::::*
qualcomm	sd425	-	cpe:2.3:h:qualcomm:sd425:-:::::::*
qualcomm	sd427_firmware	-	cpe:2.3:o:qualcomm:sd427_firmware:-:::::::*
qualcomm	sd427	-	cpe:2.3:h:qualcomm:sd427:-:::::::*
qualcomm	sd430_firmware	-	cpe:2.3:o:qualcomm:sd430_firmware:-:::::::*
qualcomm	sd430	-	cpe:2.3:h:qualcomm:sd430:-:::::::*
qualcomm	sd435_firmware	-	cpe:2.3:o:qualcomm:sd435_firmware:-:::::::*
qualcomm	sd435	-	cpe:2.3:h:qualcomm:sd435:-:::::::*

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "product": "Snapdragon Automobile, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016"
      }
    ]
  }
]

References

www.securitytracker.com/id/1041432

source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

www.qualcomm.com/company/product-security/bulletins

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:C/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

20.0%

JSON

Related for CVE-2017-18302