CVE-2017-18282

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-18282
Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.securitytracker.com/id/1041432 Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd212:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd425:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd430:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd450:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd625:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd650:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd652:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2018-10-23 13:29

Updated : 2023-12-10 12:44

NVD link : CVE-2017-18282

Mitre link : CVE-2017-18282

CVE.ORG link : CVE-2017-18282

JSON object : View

Products Affected

qualcomm

  • sd425_firmware
  • sda660
  • mdm9607
  • mdm9206
  • sd450
  • sd210
  • sd205_firmware
  • sda660_firmware
  • sd835_firmware
  • sd652
  • sd450_firmware
  • sd430_firmware
  • sd430
  • sd625
  • sd835
  • mdm9650
  • mdm9607_firmware
  • mdm9650_firmware
  • sd425
  • mdm9206_firmware
  • sd212
  • sd650
  • sd212_firmware
  • sd205
  • sd210_firmware
  • sd650_firmware
  • sd625_firmware
  • sd652_firmware
CWE
NVD-CWE-noinfo