CVE-2017-18305

EPSS 0.05%
Published 23.10.2018 13:29:02
Last modified 21.11.2024 03:19:49
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.

Affected products Warnungen 0 Metrics 3 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Sd 210 Firmware Version-

Qualcomm ≫ Sd 210 Version-

Qualcomm ≫ Sd 212 Firmware Version-

Qualcomm ≫ Sd 212 Version-

Qualcomm ≫ Sd 205 Firmware Version-

Qualcomm ≫ Sd 205 Version-

Qualcomm ≫ Sd 835 Firmware Version-

Qualcomm ≫ Sd 835 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.156

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

http://www.securitytracker.com/id/1041432

Third Party Advisory

VDB Entry

https://www.qualcomm.com/company/product-security/bulletins

Vendor Advisory

https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-18305

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-18305

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-18305

EUVD