ID
VAR-201803-1016
CVE
CVE-2017-14912
TITLE
plural Qualcomm Run on product Android Buffer error vulnerability
Trust: 0.8
DESCRIPTION
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. These issues are being tracked by Android Bug IDs A-62212946, A-32584150, A-62212739, A-62212298, A-62212632, A-65944893 and A-66913721. Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance (OHA). There is a buffer error vulnerability in Android versions before 2018-01-05. The vulnerability stems from the fact that the program does not correctly mark the buffer attribute in Secure Display. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 800 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 400 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 617 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 212 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 400 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 410 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 412 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 415 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 430 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 615 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 616 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 617 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 625 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 652 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 800 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 835 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel xl | scope: | eq | version: | 20 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 20 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 7 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 4 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 10 | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-119 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
buffer error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Android のセキュリティに関する公開情報 - 2018 年 1 月 | url: | https://source.android.com/security/bulletin/2018-01-01 | Trust: 0.8 |
| title: | Android Buffer error vulnerability fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123390 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—January 2018 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=ff88b75bf1ceb456c3338ab1aa0a6db7 | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-14912 | Trust: 2.9 |
| db: | BID | id: | 102386 | Trust: 2.1 |
| db: | SECTRACK | id: | 1040106 | Trust: 1.8 |
| db: | JVNDB | id: | JVNDB-2017-013121 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201709-1244 | Trust: 0.7 |
| db: | NSFOCUS | id: | 38624 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-105682 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-14912 | Trust: 0.1 |
REFERENCES
| url: | https://source.android.com/security/bulletin/2018-01-01 | Trust: 2.1 |
| url: | http://www.securityfocus.com/bid/102386 | Trust: 1.9 |
| url: | http://www.securitytracker.com/id/1040106 | Trust: 1.8 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14912 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-14912 | Trust: 0.8 |
| url: | http://www.nsfocus.net/vulndb/38624 | Trust: 0.6 |
| url: | http://code.google.com/android/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/119.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://source.android.com/security/bulletin/2018-01-01.html | Trust: 0.1 |
CREDITS
The vendor reported the issue.
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-105682 |
| db: | VULMON | id: | CVE-2017-14912 |
| db: | BID | id: | 102386 |
| db: | JVNDB | id: | JVNDB-2017-013121 |
| db: | CNNVD | id: | CNNVD-201709-1244 |
| db: | NVD | id: | CVE-2017-14912 |
LAST UPDATE DATE
2024-11-23T20:59:38.379000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-105682 | date: | 2018-04-27T00:00:00 |
| db: | VULMON | id: | CVE-2017-14912 | date: | 2018-04-27T00:00:00 |
| db: | BID | id: | 102386 | date: | 2018-01-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013121 | date: | 2018-05-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201709-1244 | date: | 2020-07-10T00:00:00 |
| db: | NVD | id: | CVE-2017-14912 | date: | 2024-11-21T03:13:44.710 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-105682 | date: | 2018-03-30T00:00:00 |
| db: | VULMON | id: | CVE-2017-14912 | date: | 2018-03-30T00:00:00 |
| db: | BID | id: | 102386 | date: | 2018-01-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013121 | date: | 2018-05-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201709-1244 | date: | 2017-09-29T00:00:00 |
| db: | NVD | id: | CVE-2017-14912 | date: | 2018-03-30T15:29:00.493 |