CVE-2017-18302

EPSS 0.05%
Published 20.09.2018 13:29:00
Last modified 21.11.2024 03:19:48
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Msm8996au Firmware Version-

Qualcomm ≫ Msm8996au Version-

Qualcomm ≫ Sd425 Firmware Version-

Qualcomm ≫ Sd425 Version-

Qualcomm ≫ Sd427 Firmware Version-

Qualcomm ≫ Sd427 Version-

Qualcomm ≫ Sd430 Firmware Version-

Qualcomm ≫ Sd430 Version-

Qualcomm ≫ Sd435 Firmware Version-

Qualcomm ≫ Sd435 Version-

Qualcomm ≫ Sd450 Firmware Version-

Qualcomm ≫ Sd450 Version-

Qualcomm ≫ Sd625 Firmware Version-

Qualcomm ≫ Sd625 Version-

Qualcomm ≫ Sd650 Firmware Version-

Qualcomm ≫ Sd650 Version-

Qualcomm ≫ Sd652 Firmware Version-

Qualcomm ≫ Sd652 Version-

Qualcomm ≫ Sd820 Firmware Version-

Qualcomm ≫ Sd820 Version-

Qualcomm ≫ Sd820a Firmware Version-

Qualcomm ≫ Sd820a Version-

Qualcomm ≫ Sd835 Firmware Version-

Qualcomm ≫ Sd835 Version-

Qualcomm ≫ Sda660 Firmware Version-

Qualcomm ≫ Sda660 Version-

Qualcomm ≫ Sdm429 Firmware Version-

Qualcomm ≫ Sdm429 Version-

Qualcomm ≫ Sdm439 Firmware Version-

Qualcomm ≫ Sdm439 Version-

Qualcomm ≫ Sdm630 Firmware Version-

Qualcomm ≫ Sdm630 Version-

Qualcomm ≫ Sdm632 Firmware Version-

Qualcomm ≫ Sdm632 Version-

Qualcomm ≫ Sdm636 Firmware Version-

Qualcomm ≫ Sdm636 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.136

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.7	1	3.6	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.7	3.4	6.9	AV:L/AC:M/Au:N/C:N/I:C/A:N

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.securitytracker.com/id/1041432

Third Party Advisory

VDB Entry

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-18302

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18302

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18302

EUVD