Sign-up

ID

VAR-201905-0697


CVE

CVE-2017-18156


TITLE

plural Snapdragon Vulnerability in using freed memory in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014449

DESCRIPTION

While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20. plural Snapdragon The product contains a vulnerability related to the use of released memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-73539080, A-73539065, A-72951191, A-72950815, A-72950554, A-74236854, and A-74235510. Qualcomm MDM9206 is a central processing unit (CPU) product of Qualcomm (Qualcomm). A resource management error vulnerability exists in the Connected Camera in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions (for automotive, mobile, and wearables) are affected: Qualcomm MDM9206; MDM9607; MDM9650; MSM8996AU; SD 210; SD 212; SD 205; SD 625; SD 820; SD 820A;

Trust: 2.07

sources: NVD: CVE-2017-18156 // JVNDB: JVNDB-2017-014449 // BID: 104759 // VULHUB: VHN-109250 // VULMON: CVE-2017-18156

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 104759 // JVNDB: JVNDB-2017-014449 // NVD: CVE-2017-18156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18156
value: HIGH

Trust: 1.0

NVD: CVE-2017-18156
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-144
value: HIGH

Trust: 0.6

VULHUB: VHN-109250
value: HIGH

Trust: 0.1

VULMON: CVE-2017-18156
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-18156
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109250
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18156
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109250 // VULMON: CVE-2017-18156 // JVNDB: JVNDB-2017-014449 // CNNVD: CNNVD-201905-144 // NVD: CVE-2017-18156

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-109250 // JVNDB: JVNDB-2017-014449 // NVD: CVE-2017-18156

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201905-144

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201905-144

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014449

PATCH
title:August 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Product resource management error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92290
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—June 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cc496c56e2bf669809bfb568f59af8e1
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-18156 // 
            
            
            
            JVNDB: JVNDB-2017-014449 // 
            
            
            
            CNNVD: CNNVD-201905-144

EXTERNAL IDS
db:NVDid:CVE-2017-18156
Trust: 2.9
db:JVNDBid:JVNDB-2017-014449
Trust: 0.8
db:CNNVDid:CNNVD-201905-144
Trust: 0.7
db:BIDid:104759
Trust: 0.3
db:VULHUBid:VHN-109250
Trust: 0.1
db:VULMONid:CVE-2017-18156
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109250 // 
            
            
            
            VULMON: CVE-2017-18156 // 
            
            
            
            BID: 104759 // 
            
            
            
            JVNDB: JVNDB-2017-014449 // 
            
            
            
            CNNVD: CNNVD-201905-144 // 
            
            
            
            NVD: CVE-2017-18156

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18156
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18156
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://source.android.com/security/bulletin/2018-06-01
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/416.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-06-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109250 // 
            
            
            
            VULMON: CVE-2017-18156 // 
            
            
            
            BID: 104759 // 
            
            
            
            JVNDB: JVNDB-2017-014449 // 
            
            
            
            CNNVD: CNNVD-201905-144 // 
            
            
            
            NVD: CVE-2017-18156

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 104759

SOURCES
db:VULHUBid:VHN-109250
db:VULMONid:CVE-2017-18156
db:BIDid:104759
db:JVNDBid:JVNDB-2017-014449
db:CNNVDid:CNNVD-201905-144
db:NVDid:CVE-2017-18156

LAST UPDATE DATE
2024-11-23T22:06:40.208000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109250date:2019-05-07T00:00:00
db:VULMONid:CVE-2017-18156date:2019-05-07T00:00:00
db:BIDid:104759date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2017-014449date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-144date:2019-05-14T00:00:00
db:NVDid:CVE-2017-18156date:2024-11-21T03:19:27.807

SOURCES RELEASE DATE
db:VULHUBid:VHN-109250date:2019-05-06T00:00:00
db:VULMONid:CVE-2017-18156date:2019-05-06T00:00:00
db:BIDid:104759date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2017-014449date:2019-05-31T00:00:00
db:CNNVDid:CNNVD-201905-144date:2019-05-06T00:00:00
db:NVDid:CVE-2017-18156date:2019-05-06T23:29:00.360