← Back

CVE-2017-18302

nvd nist
Published: Sep 20, 2018Modified: Nov 21, 2024

JSON object

Loading...
4.7
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.0 / Impact: 3.6
Source: NVD

Description

In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.

Affected (19)

Qualcomm
19 products
Msm8996au Firmware
Sd425 Firmware
Sd427 Firmware
Sd430 Firmware
Sd435 Firmware
Sd450 Firmware
Sd625 Firmware
Sd650 Firmware
Sd652 Firmware
Sd820 Firmware
Sd820a Firmware
Sd835 Firmware
Sda660 Firmware
Sdm429 Firmware
Sdm439 Firmware
Sdm630 Firmware
Sdm632 Firmware
Sdm636 Firmware
Sdm660 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8996au Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8996au
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd425 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd425
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd427 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd427
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd430 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd430
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd435 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd435
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd450 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd450
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd625 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd625
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd650 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd650
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd652 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd652
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd820 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd820
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd820a Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd820a
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd835 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd835
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sda660 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sda660
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm429 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm429
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm439 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm439
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm630 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm630
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm632 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm632
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm636 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm636
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm660 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm660
All versions

Related CWEs

CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (6)

Source: product-security@qualcomm.com
Third Party AdvisoryVDB Entry
Source: product-security@qualcomm.com
Vendor Advisory
Source: product-security@qualcomm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.