Sign-up

ID

VAR-201810-0051


CVE

CVE-2017-18172


TITLE

Snapdragon Automobile and Snapdragon Mobile Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014323

DESCRIPTION

In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. Snapdragon Automobile and Snapdragon Mobile Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9635M, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. System UI is one of the system UI (user interface) components. An integer overflow vulnerability exists in the System UI in several Qualcomm Snapdragon products

Trust: 2.07

sources: NVD: CVE-2017-18172 // JVNDB: JVNDB-2017-014323 // BID: 104760 // VULHUB: VHN-109268 // VULMON: CVE-2017-18172

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 810scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 800scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 617scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 400scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 400scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 410scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 412scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 415scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 435scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 617scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 800scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 810scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm636scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2017-014323 // CNNVD: CNNVD-201810-1149 // NVD: CVE-2017-18172

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18172
value: HIGH

Trust: 1.0

NVD: CVE-2017-18172
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1149
value: HIGH

Trust: 0.6

VULHUB: VHN-109268
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18172
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18172
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109268
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18172
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109268 // VULMON: CVE-2017-18172 // JVNDB: JVNDB-2017-014323 // CNNVD: CNNVD-201810-1149 // NVD: CVE-2017-18172

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.9

sources: VULHUB: VHN-109268 // JVNDB: JVNDB-2017-014323 // NVD: CVE-2017-18172

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1149

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1149

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014323

PATCH
title:Android のセキュリティに関する公開情報 - 2018 年 7 月url:https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components
Trust: 0.8
title:October 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Snapdragon product System UI Fixes for digital error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86247
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—July 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18172 // 
            
            
            
            JVNDB: JVNDB-2017-014323 // 
            
            
            
            CNNVD: CNNVD-201810-1149

EXTERNAL IDS
db:NVDid:CVE-2017-18172
Trust: 2.9
db:JVNDBid:JVNDB-2017-014323
Trust: 0.8
db:CNNVDid:CNNVD-201810-1149
Trust: 0.7
db:BIDid:104760
Trust: 0.3
db:VULHUBid:VHN-109268
Trust: 0.1
db:VULMONid:CVE-2017-18172
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109268 // 
            
            
            
            VULMON: CVE-2017-18172 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2017-014323 // 
            
            
            
            CNNVD: CNNVD-201810-1149 // 
            
            
            
            NVD: CVE-2017-18172

REFERENCES
url:https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components
Trust: 1.8
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18172
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18172
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://source.android.com/security/bulletin/2018-07-01
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/190.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-07-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109268 // 
            
            
            
            VULMON: CVE-2017-18172 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2017-014323 // 
            
            
            
            CNNVD: CNNVD-201810-1149 // 
            
            
            
            NVD: CVE-2017-18172

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 104760

SOURCES
db:VULHUBid:VHN-109268
db:VULMONid:CVE-2017-18172
db:BIDid:104760
db:JVNDBid:JVNDB-2017-014323
db:CNNVDid:CNNVD-201810-1149
db:NVDid:CVE-2017-18172

LAST UPDATE DATE
2024-11-23T21:38:38.174000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109268date:2018-12-13T00:00:00
db:VULMONid:CVE-2017-18172date:2018-12-13T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014323date:2019-01-25T00:00:00
db:CNNVDid:CNNVD-201810-1149date:2018-10-24T00:00:00
db:NVDid:CVE-2017-18172date:2024-11-21T03:19:28.847

SOURCES RELEASE DATE
db:VULHUBid:VHN-109268date:2018-10-23T00:00:00
db:VULMONid:CVE-2017-18172date:2018-10-23T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014323date:2019-01-25T00:00:00
db:CNNVDid:CNNVD-201810-1149date:2018-10-24T00:00:00
db:NVDid:CVE-2017-18172date:2018-10-23T13:29:00.540