CVE-2017-18292
Severity Score
5.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.
Una aplicación segura ejecutándose en un espacio no seguro puede reiniciar TZ llamando a la API de la app Widevine repetidamente en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820 y SD 820A.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-06-15 CVE Reserved
- 2018-10-23 CVE Published
- 2023-10-17 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1041432 | Third Party Advisory | |
| https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qualcomm.com/company/product-security/bulletins | 2018-12-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Msm8909w Firmware Search vendor "Qualcomm" for product "Msm8909w Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8909w Search vendor "Qualcomm" for product "Msm8909w" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8996au Firmware Search vendor "Qualcomm" for product "Msm8996au Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8996au Search vendor "Qualcomm" for product "Msm8996au" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 210 Firmware Search vendor "Qualcomm" for product "Sd 210 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 210 Search vendor "Qualcomm" for product "Sd 210" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 212 Firmware Search vendor "Qualcomm" for product "Sd 212 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 212 Search vendor "Qualcomm" for product "Sd 212" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 205 Firmware Search vendor "Qualcomm" for product "Sd 205 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 205 Search vendor "Qualcomm" for product "Sd 205" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 410 Firmware Search vendor "Qualcomm" for product "Sd 410 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 410 Search vendor "Qualcomm" for product "Sd 410" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 412 Firmware Search vendor "Qualcomm" for product "Sd 412 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 412 Search vendor "Qualcomm" for product "Sd 412" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 425 Firmware Search vendor "Qualcomm" for product "Sd 425 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 425 Search vendor "Qualcomm" for product "Sd 425" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 430 Firmware Search vendor "Qualcomm" for product "Sd 430 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 430 Search vendor "Qualcomm" for product "Sd 430" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 450 Firmware Search vendor "Qualcomm" for product "Sd 450 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 450 Search vendor "Qualcomm" for product "Sd 450" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 615 Firmware Search vendor "Qualcomm" for product "Sd 615 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 615 Search vendor "Qualcomm" for product "Sd 615" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 616 Firmware Search vendor "Qualcomm" for product "Sd 616 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 616 Search vendor "Qualcomm" for product "Sd 616" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 415 Firmware Search vendor "Qualcomm" for product "Sd 415 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 415 Search vendor "Qualcomm" for product "Sd 415" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 617 Firmware Search vendor "Qualcomm" for product "Sd 617 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 617 Search vendor "Qualcomm" for product "Sd 617" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 625 Firmware Search vendor "Qualcomm" for product "Sd 625 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 625 Search vendor "Qualcomm" for product "Sd 625" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 650 Firmware Search vendor "Qualcomm" for product "Sd 650 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 650 Search vendor "Qualcomm" for product "Sd 650" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 652 Firmware Search vendor "Qualcomm" for product "Sd 652 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 652 Search vendor "Qualcomm" for product "Sd 652" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 800 Firmware Search vendor "Qualcomm" for product "Sd 800 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 800 Search vendor "Qualcomm" for product "Sd 800" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 810 Firmware Search vendor "Qualcomm" for product "Sd 810 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 810 Search vendor "Qualcomm" for product "Sd 810" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 820 Firmware Search vendor "Qualcomm" for product "Sd 820 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 820 Search vendor "Qualcomm" for product "Sd 820" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 820a Firmware Search vendor "Qualcomm" for product "Sd 820a Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 820a Search vendor "Qualcomm" for product "Sd 820a" | - | - |
Safe
|