Sign-up

ID

VAR-201906-0779


CVE

CVE-2017-8252


TITLE

plural Snapdragon Authorization vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-014511

DESCRIPTION

Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130. plural Snapdragon The product contains an authorization vulnerability.Information may be obtained. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. A race condition vulnerability exists in several Qualcomm products. The vulnerability stems from the improper handling of concurrent access when concurrent codes need to access shared resources mutually exclusive during the running of the network system or product. The following products and versions are affected: IPQ4019; IPQ8074; MDM9150; MDM9206; MDM9607; MDM9615; MDM9635M; MDM9640; MDM9650; MDM9655; MSM8909W; 12; SD 425; SD 427; SD 430; SD 435; SD 439; SD 429; SD 450; SD 615/16; SD 415; SD 625; SD 632; SD 636; SD 710; SD 670; SD 820; SD 820A; SD 835; SD 845; SD 850; SD 855; SD 8CX;

Trust: 1.8

sources: NVD: CVE-2017-8252 // JVNDB: JVNDB-2017-014511 // VULHUB: VHN-116455 // VULMON: CVE-2017-8252

AFFECTED PRODUCTS

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 675scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qc 215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4019scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca8081scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 8cxscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon high med 2016scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9635mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4019scope: - version: -

Trust: 0.8

vendor:qualcommmodel:ipq8074scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9635mscope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014511 // NVD: CVE-2017-8252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8252
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8252
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-1433
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116455
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-8252
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8252
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-116455
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8252
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116455 // VULMON: CVE-2017-8252 // JVNDB: JVNDB-2017-014511 // CNNVD: CNNVD-201704-1433 // NVD: CVE-2017-8252

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.9

sources: VULHUB: VHN-116455 // JVNDB: JVNDB-2017-014511 // NVD: CVE-2017-8252

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-1433

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-1433

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014511

PATCH
title:March 2019 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Android Qualcomm EcoSystem Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89827
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin — March 2019url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=e9cddeba5732c8294d7cd6c4b6f1170b
Trust: 0.1
title:Threatposturl:https://threatpost.com/google-critical-bluetooth-rce/142685/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-8252 // 
            
            
            
            JVNDB: JVNDB-2017-014511 // 
            
            
            
            CNNVD: CNNVD-201704-1433

EXTERNAL IDS
db:NVDid:CVE-2017-8252
Trust: 2.6
db:JVNDBid:JVNDB-2017-014511
Trust: 0.8
db:CNNVDid:CNNVD-201704-1433
Trust: 0.7
db:VULHUBid:VHN-116455
Trust: 0.1
db:VULMONid:CVE-2017-8252
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116455 // 
            
            
            
            VULMON: CVE-2017-8252 // 
            
            
            
            JVNDB: JVNDB-2017-014511 // 
            
            
            
            CNNVD: CNNVD-201704-1433 // 
            
            
            
            NVD: CVE-2017-8252

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8252
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8252
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2019-28664
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/285.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2019-03-01.html
Trust: 0.1
url:https://threatpost.com/google-critical-bluetooth-rce/142685/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116455 // 
            
            
            
            VULMON: CVE-2017-8252 // 
            
            
            
            JVNDB: JVNDB-2017-014511 // 
            
            
            
            CNNVD: CNNVD-201704-1433 // 
            
            
            
            NVD: CVE-2017-8252

SOURCES
db:VULHUBid:VHN-116455
db:VULMONid:CVE-2017-8252
db:JVNDBid:JVNDB-2017-014511
db:CNNVDid:CNNVD-201704-1433
db:NVDid:CVE-2017-8252

LAST UPDATE DATE
2024-11-23T23:04:46.360000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116455date:2019-06-17T00:00:00
db:VULMONid:CVE-2017-8252date:2019-06-17T00:00:00
db:JVNDBid:JVNDB-2017-014511date:2019-06-21T00:00:00
db:CNNVDid:CNNVD-201704-1433date:2019-06-18T00:00:00
db:NVDid:CVE-2017-8252date:2024-11-21T03:33:37.793

SOURCES RELEASE DATE
db:VULHUBid:VHN-116455date:2019-06-14T00:00:00
db:VULMONid:CVE-2017-8252date:2019-06-14T00:00:00
db:JVNDBid:JVNDB-2017-014511date:2019-06-21T00:00:00
db:CNNVDid:CNNVD-201704-1433date:2017-04-27T00:00:00
db:NVDid:CVE-2017-8252date:2019-06-14T17:29:00.220