CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2017-18292
https://notcve.org/view.php?id=CVE-2017-18292
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. Una aplicación segura ejecutándose en un espacio no seguro puede reiniciar TZ llamando a la API de la app Widevine repetidamente en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820 y SD 820A. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 14EXPL: 0CVE-2017-18305
https://notcve.org/view.php?id=CVE-2017-18305
XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835. La llamada del sistema XBL sec mem dump permite el control total de EL3 desbloqueando todos los XPU si no se se sobrecarga un fusible "enable" en Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205 y SD 835. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-5874
https://notcve.org/view.php?id=CVE-2018-5874
While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al analizar un archivo MP4, podría ocurrir un desbordamiento de búfer basado en pila en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-5876
https://notcve.org/view.php?id=CVE-2018-5876
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al analizar un archivo MP4, podría ocurrir un desbordamiento de búfer en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-5875
https://notcve.org/view.php?id=CVE-2018-5875
While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al analizar un archivo MP4, podría ocurrir un desbordamiento de enteros que dé lugar a un desbordamiento de búfer en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •