Sign-up

ID

VAR-201807-0290


CVE

CVE-2017-18155


TITLE

Snapdragon Automobile and Snapdragon Mobile Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014044

DESCRIPTION

While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault. Snapdragon Automobile and Snapdragon Mobile Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MSM8996AU, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for different platforms. Security flaws exist in several Qualcomm products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.8

sources: NVD: CVE-2017-18155 // JVNDB: JVNDB-2017-014044 // VULHUB: VHN-109249 // VULMON: CVE-2017-18155

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014044 // CNNVD: CNNVD-201807-1138 // NVD: CVE-2017-18155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18155
value: HIGH

Trust: 1.0

NVD: CVE-2017-18155
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1138
value: MEDIUM

Trust: 0.6

VULHUB: VHN-109249
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-18155
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18155
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109249
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18155
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109249 // VULMON: CVE-2017-18155 // JVNDB: JVNDB-2017-014044 // CNNVD: CNNVD-201807-1138 // NVD: CVE-2017-18155

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-109249 // JVNDB: JVNDB-2017-014044 // NVD: CVE-2017-18155

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1138

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201807-1138

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014044

PATCH
title:August 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Android Security Bulletins: Android Security Bulletin—June 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cc496c56e2bf669809bfb568f59af8e1
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
title:Threatposturl:https://threatpost.com/google-patches-11-critical-android-bugs-in-june-update/132512/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18155 // 
            
            
            
            JVNDB: JVNDB-2017-014044

EXTERNAL IDS
db:NVDid:CVE-2017-18155
Trust: 2.6
db:JVNDBid:JVNDB-2017-014044
Trust: 0.8
db:CNNVDid:CNNVD-201807-1138
Trust: 0.7
db:VULHUBid:VHN-109249
Trust: 0.1
db:VULMONid:CVE-2017-18155
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109249 // 
            
            
            
            VULMON: CVE-2017-18155 // 
            
            
            
            JVNDB: JVNDB-2017-014044 // 
            
            
            
            CNNVD: CNNVD-201807-1138 // 
            
            
            
            NVD: CVE-2017-18155

REFERENCES
url:https://source.android.com/security/bulletin/2018-06-01#qualcomm-components
Trust: 2.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18155
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18155
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/google-patches-11-critical-android-bugs-in-june-update/132512/
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-06-01.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109249 // 
            
            
            
            VULMON: CVE-2017-18155 // 
            
            
            
            JVNDB: JVNDB-2017-014044 // 
            
            
            
            CNNVD: CNNVD-201807-1138 // 
            
            
            
            NVD: CVE-2017-18155

SOURCES
db:VULHUBid:VHN-109249
db:VULMONid:CVE-2017-18155
db:JVNDBid:JVNDB-2017-014044
db:CNNVDid:CNNVD-201807-1138
db:NVDid:CVE-2017-18155

LAST UPDATE DATE
2024-11-23T23:12:06.172000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109249date:2018-09-10T00:00:00
db:VULMONid:CVE-2017-18155date:2018-09-10T00:00:00
db:JVNDBid:JVNDB-2017-014044date:2018-10-02T00:00:00
db:CNNVDid:CNNVD-201807-1138date:2018-07-13T00:00:00
db:NVDid:CVE-2017-18155date:2024-11-21T03:19:27.690

SOURCES RELEASE DATE
db:VULHUBid:VHN-109249date:2018-07-12T00:00:00
db:VULMONid:CVE-2017-18155date:2018-07-12T00:00:00
db:JVNDBid:JVNDB-2017-014044date:2018-10-02T00:00:00
db:CNNVDid:CNNVD-201807-1138date:2018-07-13T00:00:00
db:NVDid:CVE-2017-18155date:2018-07-12T14:29:00.210