CVE-2017-18282

Published: Oct 23, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

Affected (14)

Products: Qualcomm: Mdm9206 Firmware, Mdm9607 Firmware, Mdm9650 Firmware, Sd210 Firmware, Sd212 Firmware, Sd205 Firmware, Sd425 Firmware, Sd430 Firmware, Sd450 Firmware, Sd625 Firmware, Sd650 Firmware, Sd652 Firmware, Sd835 Firmware, Sda660 Firmware

14 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9650	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd210 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd210	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd212 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd212	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd205	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd425 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd425	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd430 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd430	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd450	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd625 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd625	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd650	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd652 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd652	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd835	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda660	All versions

References (6)

http://www.securitytracker.com/id/1041432

Source: product-security@qualcomm.com

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Source: product-security@qualcomm.com

Third Party Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Vendor Advisory

http://www.securitytracker.com/id/1041432

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.