CVE-2017-18173

Published: May 6, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.

Affected (13)

Products: Qualcomm: Sd 425 Firmware, Sd 427 Firmware, Sd 430 Firmware, Sd 435 Firmware, Sd 450 Firmware, Sd 625 Firmware, Sd 810 Firmware, Sd 820 Firmware, Sd 835 Firmware, Sdm630 Firmware, Sdm636 Firmware, Sdm660 Firmware, Snapdragon High Med 2016 Firmware

13 products

Snapdragon High Med 2016 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 425 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 425	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 427 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 427	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 430 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 430	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 435 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 435	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 450	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 625 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 625	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 810	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 820 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 820	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 835	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm630 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm630	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm636 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm636	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm660	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon High Med 2016 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon High Med 2016	All versions

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (2)

https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.