Details of VAR-201810-0042

ID

VAR-201810-0042

CVE

CVE-2017-18309

TITLE

Snapdragon Mobile Vulnerabilities in array index validation

Trust: 0.8

sources: JVNDB: JVNDB-2017-014319

DESCRIPTION

A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850. Snapdragon Mobile Contains a vulnerability related to array index validation.Information may be obtained and information may be altered. Both Qualcomm SD 845 and SD 850 are central processing unit (CPU) products of Qualcomm (Qualcomm). G-Link is one of the car-mobile phone interactive systems. The G-Link in the Qualcomm SD 845 and SD 850 (used in cars) has a security vulnerability caused by the program not properly validating the array index. A local attacker could exploit this vulnerability to read or write arbitrary memory

Trust: 1.8

sources: NVD: CVE-2017-18309 // JVNDB: JVNDB-2017-014319 // VULHUB: VHN-109418 // VULMON: CVE-2017-18309

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 845	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 850	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2017-014319 // CNNVD: CNNVD-201810-1280 // NVD: CVE-2017-18309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18309
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-18309
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201810-1280
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-109418
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-18309
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18309
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-109418
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-18309
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-109418 // VULMON: CVE-2017-18309 // JVNDB: JVNDB-2017-014319 // CNNVD: CNNVD-201810-1280 // NVD: CVE-2017-18309

PROBLEMTYPE DATA

problemtype:

CWE-129

Trust: 1.9

sources: VULHUB: VHN-109418 // JVNDB: JVNDB-2017-014319 // NVD: CVE-2017-18309

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1280

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201810-1280

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014319

PATCH

title:	October 2018 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Qualcomm SD 845 and SD 850 G-Link Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86352	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—August 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9	Trust: 0.1
title:	SamsungReleaseNotes	url:	https://github.com/samreleasenotes/SamsungReleaseNotes	Trust: 0.1

sources: VULMON: CVE-2017-18309 // JVNDB: JVNDB-2017-014319 // CNNVD: CNNVD-201810-1280

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18309	Trust: 2.6
db:	SECTRACK	id:	1041432	Trust: 1.2
db:	JVNDB	id:	JVNDB-2017-014319	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1280	Trust: 0.7
db:	VULHUB	id:	VHN-109418	Trust: 0.1
db:	VULMON	id:	CVE-2017-18309	Trust: 0.1

sources: VULHUB: VHN-109418 // VULMON: CVE-2017-18309 // JVNDB: JVNDB-2017-014319 // CNNVD: CNNVD-201810-1280 // NVD: CVE-2017-18309

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.8
url:	http://www.securitytracker.com/id/1041432	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18309	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18309	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/129.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://source.android.com/security/bulletin/2018-08-01.html	Trust: 0.1
url:	https://github.com/samreleasenotes/samsungreleasenotes	Trust: 0.1

sources: VULHUB: VHN-109418 // VULMON: CVE-2017-18309 // JVNDB: JVNDB-2017-014319 // CNNVD: CNNVD-201810-1280 // NVD: CVE-2017-18309

SOURCES

db:	VULHUB	id:	VHN-109418
db:	VULMON	id:	CVE-2017-18309
db:	JVNDB	id:	JVNDB-2017-014319
db:	CNNVD	id:	CNNVD-201810-1280
db:	NVD	id:	CVE-2017-18309

LAST UPDATE DATE

2024-11-23T20:10:02.657000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-109418	date:	2018-12-11T00:00:00
db:	VULMON	id:	CVE-2017-18309	date:	2018-12-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-014319	date:	2019-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-1280	date:	2018-10-29T00:00:00
db:	NVD	id:	CVE-2017-18309	date:	2024-11-21T03:19:49.440

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-109418	date:	2018-10-26T00:00:00
db:	VULMON	id:	CVE-2017-18309	date:	2018-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2017-014319	date:	2019-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-1280	date:	2018-10-29T00:00:00
db:	NVD	id:	CVE-2017-18309	date:	2018-10-26T13:29:00.450