Vulnerability CVE-2017-18301


Published: 2018-09-20

Description:
In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.

Type:

CWE-476

(NULL Pointer Dereference)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
6.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Qualcomm -> Sd820 firmware 
Qualcomm -> Fsm9055 firmware 
Qualcomm -> Sd820a firmware 
Qualcomm -> Fsm9955 firmware 
Qualcomm -> Sd835 firmware 
Qualcomm -> Mdm9607 firmware 
Qualcomm -> Sd845 firmware 
Qualcomm -> Mdm9640 firmware 
Qualcomm -> Sdm630 firmware 
Qualcomm -> Mdm9650 firmware 
Qualcomm -> Sdm636 firmware 
Qualcomm -> Msm8909w firmware 
Qualcomm -> Sdm660 firmware 
Qualcomm -> Sd425 firmware 
Qualcomm -> Sdx20 firmware 
Qualcomm -> Sd427 firmware 
Qualcomm -> Sd430 firmware 
Qualcomm -> Sd435 firmware 
Qualcomm -> Sd450 firmware 
Qualcomm -> Sd617 firmware 
Qualcomm -> Sd625 firmware 
Qualcomm -> Sd650 firmware 
Qualcomm -> Sd652 firmware 

 References:
http://www.securitytracker.com/id/1041432
https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
https://www.qualcomm.com/company/product-security/bulletins

Copyright 2024, cxsecurity.com

 

Back to Top