Vulnerability Name:

CVE-2017-18302 (CCN-151381)

Assigned:2018-08-01
Published:2018-08-01
Updated:2018-11-23
Summary:In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.
CVSS v3 Severity:4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.7 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-362
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Google Web site
Android

Source: MITRE
Type: CNA
CVE-2017-18302

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1041432

Source: XF
Type: UNKNOWN
android-cve201718302-code-exec(151381)

Source: CCN
Type: Android Open Source Project
Android Security Bulletin—August 2018

Source: CONFIRM
Type: Vendor Advisory
https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins

Vulnerable Configuration:Configuration 1:
  • cpe:/o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd425:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd427:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd430:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd435:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd450:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd625:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd650:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd652:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd820:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:qualcomm:sd820a_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd820a:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd835:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sda660:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm429:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm439:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm630:-:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm632:-:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm636:-:*:*:*:*:*:*:*

    • Configuration 19:
  • cpe:/o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm660:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:google:android:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    qualcomm msm8996au firmware -
    qualcomm msm8996au -
    qualcomm sd425 firmware -
    qualcomm sd425 -
    qualcomm sd427 firmware -
    qualcomm sd427 -
    qualcomm sd430 firmware -
    qualcomm sd430 -
    qualcomm sd435 firmware -
    qualcomm sd435 -
    qualcomm sd450 firmware -
    qualcomm sd450 -
    qualcomm sd625 firmware -
    qualcomm sd625 -
    qualcomm sd650 firmware -
    qualcomm sd650 -
    qualcomm sd652 firmware -
    qualcomm sd652 -
    qualcomm sd820 firmware -
    qualcomm sd820 -
    qualcomm sd820a firmware -
    qualcomm sd820a -
    qualcomm sd835 firmware -
    qualcomm sd835 -
    qualcomm sda660 firmware -
    qualcomm sda660 -
    qualcomm sdm429 firmware -
    qualcomm sdm429 -
    qualcomm sdm439 firmware -
    qualcomm sdm439 -
    qualcomm sdm630 firmware -
    qualcomm sdm630 -
    qualcomm sdm632 firmware -
    qualcomm sdm632 -
    qualcomm sdm636 firmware -
    qualcomm sdm636 -
    qualcomm sdm660 firmware -
    qualcomm sdm660 -
    google android *