CVE-2017-18313

Published: Oct 23, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617.

Affected (10)

Products: Qualcomm: Msm8909w Firmware, Sd 210 Firmware, Sd 212 Firmware, Sd 205 Firmware, Sd 410 Firmware, Sd 412 Firmware, Sd 615 Firmware, Sd 616 Firmware, Sd 415 Firmware, Sd 617 Firmware

10 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 210 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 210	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 212 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 212	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 205	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 410 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 410	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 412 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 412	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 615 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 615	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 616 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 616	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 415 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 415	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 617 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 617	All versions

References (4)

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

Source: product-security@qualcomm.com

Third Party Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Vendor Advisory

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.qualcomm.com/company/product-security/bulletins

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.