ID
VAR-201810-0056
CVE
CVE-2017-18292
TITLE
plural Snapdragon Vulnerability related to input validation in products
Trust: 0.8
DESCRIPTION
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm MSM8909W, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) for different platforms. An attacker can exploit this vulnerability by calling the Widevine app API continuously to cause the system to restart
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 810 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 800 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 617 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 820a | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | October 2018 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Snapdragon Fixes for product input validation vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86251 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—August 2018 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9 | Trust: 0.1 |
| title: | SamsungReleaseNotes | url: | https://github.com/samreleasenotes/SamsungReleaseNotes | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-18292 | Trust: 2.6 |
| db: | SECTRACK | id: | 1041432 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2017-014317 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201810-1153 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-109400 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-18292 | Trust: 0.1 |
REFERENCES
| url: | https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components | Trust: 1.8 |
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | http://www.securitytracker.com/id/1041432 | Trust: 1.2 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18292 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-18292 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/20.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://source.android.com/security/bulletin/2018-08-01.html | Trust: 0.1 |
| url: | https://github.com/samreleasenotes/samsungreleasenotes | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-109400 |
| db: | VULMON | id: | CVE-2017-18292 |
| db: | JVNDB | id: | JVNDB-2017-014317 |
| db: | CNNVD | id: | CNNVD-201810-1153 |
| db: | NVD | id: | CVE-2017-18292 |
LAST UPDATE DATE
2024-11-23T19:57:36.573000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-109400 | date: | 2018-12-10T00:00:00 |
| db: | VULMON | id: | CVE-2017-18292 | date: | 2018-12-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014317 | date: | 2019-01-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1153 | date: | 2018-10-24T00:00:00 |
| db: | NVD | id: | CVE-2017-18292 | date: | 2024-11-21T03:19:47.303 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-109400 | date: | 2018-10-23T00:00:00 |
| db: | VULMON | id: | CVE-2017-18292 | date: | 2018-10-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-014317 | date: | 2019-01-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1153 | date: | 2018-10-24T00:00:00 |
| db: | NVD | id: | CVE-2017-18292 | date: | 2018-10-23T13:29:01.133 |