CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-18293
https://notcve.org/view.php?id=CVE-2017-18293
When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Cuando un GPIO en concreto está protegido bloqueando el acceso a los registros de recursos GPIO correspondientes, la protección se puede omitir mediante los registros GPIO correspondientes en su lugar en Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835 y SDA660. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-18312
https://notcve.org/view.php?id=CVE-2017-18312
While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A Al acceder a los servicios SafeSwitch, los terceros pueden manipular un dispositivo determinado y realizar operaciones no autorizadas debido a la falta de comprobaciones de algunas transiciones del mismo estado en Snapdragon Automobile y Snapdragon Mobile en versiones MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820 y SD 820A • https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2017-18172
https://notcve.org/view.php?id=CVE-2017-18172
In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. En un dispositivo, con un tamaño de pantalla de 1440x2560, la comprobación de un búfer continuo se desbordará en ciertos tamaños de búfer, lo que resulta en un desbordamiento de búfer o un wraparound en la UI del sistema en Snapdragon Automobile y Snapdragon Mobile en versiones MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660 y Snapdragon_High_Med_2016. • https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 46EXPL: 0CVE-2017-18277
https://notcve.org/view.php?id=CVE-2017-18277
When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835. Cuando la asignación de memoria dinámica fracasa, actualmente el proceso duerme durante un segundo y continúa con un bucle infinito sin reintentar asignar la memoria en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A y SD 835. • https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 38EXPL: 0CVE-2017-18299
https://notcve.org/view.php?id=CVE-2017-18299
Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 La lógica de consolidación de tablas de traducción conduce al agotamiento de recursos y un error QSEE en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850 y SDA660. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-400: Uncontrolled Resource Consumption •