Sign-up

ID

VAR-201810-0052


CVE

CVE-2017-18277


TITLE

plural Snapdragon Product depletion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014298

DESCRIPTION

When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835. Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. WLAN is one of the wireless local area network components. A security vulnerability exists in WLAN in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to cause a denial of service (infinite loop)

Trust: 2.07

sources: NVD: CVE-2017-18277 // JVNDB: JVNDB-2017-014298 // BID: 104760 // VULHUB: VHN-109383 // VULMON: CVE-2017-18277

AFFECTED PRODUCTS

vendor:qualcommmodel:qcn5502scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:qcn5502scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 415scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 600scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 810scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd425scope:eqversion: -

Trust: 0.6

vendor:qualcommmodel:sd212scope:eqversion: -

Trust: 0.6

vendor:qualcommmodel:sd210scope:eqversion: -

Trust: 0.6

vendor:qualcommmodel:sd205scope:eqversion: -

Trust: 0.6

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2017-014298 // CNNVD: CNNVD-201810-1150 // NVD: CVE-2017-18277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18277
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-18277
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-1150
value: MEDIUM

Trust: 0.6

VULHUB: VHN-109383
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-18277
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18277
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109383
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18277
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109383 // VULMON: CVE-2017-18277 // JVNDB: JVNDB-2017-014298 // CNNVD: CNNVD-201810-1150 // NVD: CVE-2017-18277

PROBLEMTYPE DATA

problemtype:CWE-835

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-109383 // JVNDB: JVNDB-2017-014298 // NVD: CVE-2017-18277

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1150

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201810-1150

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014298

PATCH
title:October 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Snapdragon product WLAN Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86248
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—July 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18277 // 
            
            
            
            JVNDB: JVNDB-2017-014298 // 
            
            
            
            CNNVD: CNNVD-201810-1150

EXTERNAL IDS
db:NVDid:CVE-2017-18277
Trust: 2.9
db:JVNDBid:JVNDB-2017-014298
Trust: 0.8
db:CNNVDid:CNNVD-201810-1150
Trust: 0.7
db:BIDid:104760
Trust: 0.3
db:VULHUBid:VHN-109383
Trust: 0.1
db:VULMONid:CVE-2017-18277
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109383 // 
            
            
            
            VULMON: CVE-2017-18277 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2017-014298 // 
            
            
            
            CNNVD: CNNVD-201810-1150 // 
            
            
            
            NVD: CVE-2017-18277

REFERENCES
url:https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components
Trust: 1.8
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18277
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18277
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://source.android.com/security/bulletin/2018-07-01
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/835.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-07-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109383 // 
            
            
            
            VULMON: CVE-2017-18277 // 
            
            
            
            BID: 104760 // 
            
            
            
            JVNDB: JVNDB-2017-014298 // 
            
            
            
            CNNVD: CNNVD-201810-1150 // 
            
            
            
            NVD: CVE-2017-18277

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 104760

SOURCES
db:VULHUBid:VHN-109383
db:VULMONid:CVE-2017-18277
db:BIDid:104760
db:JVNDBid:JVNDB-2017-014298
db:CNNVDid:CNNVD-201810-1150
db:NVDid:CVE-2017-18277

LAST UPDATE DATE
2024-11-23T21:38:38.281000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109383date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-18277date:2019-10-03T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014298date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-1150date:2019-10-23T00:00:00
db:NVDid:CVE-2017-18277date:2024-11-21T03:19:45.063

SOURCES RELEASE DATE
db:VULHUBid:VHN-109383date:2018-10-23T00:00:00
db:VULMONid:CVE-2017-18277date:2018-10-23T00:00:00
db:BIDid:104760date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014298date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-1150date:2018-10-24T00:00:00
db:NVDid:CVE-2017-18277date:2018-10-23T13:29:00.680