CVE-2017-18305

EPSS 0.05%
Veröffentlicht 23.10.2018 13:29:02
Zuletzt bearbeitet 21.11.2024 03:19:49
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Sd 210 Firmware Version-

Qualcomm ≫ Sd 210 Version-

Qualcomm ≫ Sd 212 Firmware Version-

Qualcomm ≫ Sd 212 Version-

Qualcomm ≫ Sd 205 Firmware Version-

Qualcomm ≫ Sd 205 Version-

Qualcomm ≫ Sd 835 Firmware Version-

Qualcomm ≫ Sd 835 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.156

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

http://www.securitytracker.com/id/1041432

Third Party Advisory

VDB Entry

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-18305

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18305

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18305

EUVD