CVE-2017-18312
https://notcve.org/view.php?id=CVE-2017-18312
While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A Al acceder a los servicios SafeSwitch, los terceros pueden manipular un dispositivo determinado y realizar operaciones no autorizadas debido a la falta de comprobaciones de algunas transiciones del mismo estado en Snapdragon Automobile y Snapdragon Mobile en versiones MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820 y SD 820A • https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-862: Missing Authorization •
CVE-2017-18172
https://notcve.org/view.php?id=CVE-2017-18172
In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. En un dispositivo, con un tamaño de pantalla de 1440x2560, la comprobación de un búfer continuo se desbordará en ciertos tamaños de búfer, lo que resulta en un desbordamiento de búfer o un wraparound en la UI del sistema en Snapdragon Automobile y Snapdragon Mobile en versiones MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660 y Snapdragon_High_Med_2016. • https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-190: Integer Overflow or Wraparound •
CVE-2017-18277
https://notcve.org/view.php?id=CVE-2017-18277
When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835. Cuando la asignación de memoria dinámica fracasa, actualmente el proceso duerme durante un segundo y continúa con un bucle infinito sin reintentar asignar la memoria en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A y SD 835. • https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-18299
https://notcve.org/view.php?id=CVE-2017-18299
Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 La lógica de consolidación de tablas de traducción conduce al agotamiento de recursos y un error QSEE en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850 y SDA660. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-18171
https://notcve.org/view.php?id=CVE-2017-18171
Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. Validación de entradas incorrecta para los paquetes de datos GATT en la función Bluetooth Controller puede conducir a una posible corrupción de memoria en Snapdragon Mobile en versiones QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710 y Snapdragon_High_Med_2016. • https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •