Lucene search

QualcommCVE-2017-18305

HistoryOct 23, 2018 - 1:29 p.m.

CVE-2017-18305

2018-10-2313:29:02

qualcomm

web.nvd.nist.gov

cve-2017-18305

xbl

security

mem dump

snapdragon

mdm9206

mdm9607

mdm9650

sd 210

sd 212

sd 205

sd 835

nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.

Affected configurations

Nvd

Node

qualcommmdm9206_firmwareMatch-

AND

qualcommmdm9206Match-

Node

qualcommmdm9607_firmwareMatch-

AND

qualcommmdm9607Match-

Node

qualcommmdm9650_firmwareMatch-

AND

qualcommmdm9650Match-

Node

qualcommsd_210_firmwareMatch-

AND

qualcommsd_210Match-

Node

qualcommsd_212_firmwareMatch-

AND

qualcommsd_212Match-

Node

qualcommsd_205_firmwareMatch-

AND

qualcommsd_205Match-

Node

qualcommsd_835_firmwareMatch-

AND

qualcommsd_835Match-

VendorProductVersionCPE
qualcommmdm9206_firmware-cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
qualcommmdm9206-cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
qualcommmdm9607_firmware-cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
qualcommmdm9607-cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
qualcommmdm9650_firmware-cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
qualcommmdm9650-cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
qualcommsd_210_firmware-cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
qualcommsd_210-cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
qualcommsd_212_firmware-cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
qualcommsd_212-cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	mdm9206_firmware	-	cpe:2.3:o:qualcomm:mdm9206_firmware:-:::::::*
qualcomm	mdm9206	-	cpe:2.3:h:qualcomm:mdm9206:-:::::::*
qualcomm	mdm9607_firmware	-	cpe:2.3:o:qualcomm:mdm9607_firmware:-:::::::*
qualcomm	mdm9607	-	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
qualcomm	mdm9650_firmware	-	cpe:2.3:o:qualcomm:mdm9650_firmware:-:::::::*
qualcomm	mdm9650	-	cpe:2.3:h:qualcomm:mdm9650:-:::::::*
qualcomm	sd_210_firmware	-	cpe:2.3:o:qualcomm:sd_210_firmware:-:::::::*
qualcomm	sd_210	-	cpe:2.3:h:qualcomm:sd_210:-:::::::*
qualcomm	sd_212_firmware	-	cpe:2.3:o:qualcomm:sd_212_firmware:-:::::::*
qualcomm	sd_212	-	cpe:2.3:h:qualcomm:sd_212:-:::::::*

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "product": "Snapdragon Mobile, Snapdragon Wear",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835"
      }
    ]
  }
]

References

www.securitytracker.com/id/1041432

source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

www.qualcomm.com/company/product-security/bulletins

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Related for CVE-2017-18305