CVE-2017-18304

Published: Oct 23, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20

Affected (26)

Products: Qaulcomm: Fsm9055 Firmware · Qualcomm: Mdm9206 Firmware, Mdm9607 Firmware, Mdm9640 Firmware, Mdm9650 Firmware, Msm8909w Firmware, Msm8996au Firmware, Sd 210 Firmware, Sd 212 Firmware, Sd 205 Firmware, Sd 425 Firmware, Sd 430 Firmware, Sd 450 Firmware, Sd 615 Firmware, Sd 616 Firmware, Sd 415 Firmware, Sd 617 Firmware, Sd 625 Firmware, Sd 650 Firmware, Sd 652 Firmware, Sd 810 Firmware, Sd 820 Firmware, Sd 820a Firmware, Sd 835 Firmware, Sda660 Firmware, Sdx20 Firmware

1 product

25 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qaulcomm Fsm9055 Firmware	All versions

Running on/with	Platform Versions
Qaulcomm Fsm9055	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9640 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9640	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9650	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996au	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 210 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 210	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 212 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 212	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 205	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 425 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 425	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 430 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 430	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 450	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 615 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 615	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 616 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 616	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 415 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 415	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 617 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 617	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 625 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 625	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 650	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 652 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 652	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 810	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 820 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 820	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 820a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 820a	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 835	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda660	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx20 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx20	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (6)

http://www.securitytracker.com/id/1041432

Source: product-security@qualcomm.com

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Source: product-security@qualcomm.com

Third Party Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Vendor Advisory

http://www.securitytracker.com/id/1041432

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.