CVE-2017-18173

Summary

In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.

Affected Software

VendorProductVersion RangeStatus
Qualcomm Technologies, Inc.Snapdragon MobileSD 425affected
Qualcomm Technologies, Inc.Snapdragon MobileSD 427affected
Qualcomm Technologies, Inc.Snapdragon MobileSD 430affected
Qualcomm Technologies, Inc.Snapdragon MobileSD 435affected
Qualcomm Technologies, Inc.Snapdragon MobileSD 450affected
Qualcomm Technologies, Inc.Snapdragon MobileSD 625affected
Qualcomm Technologies, Inc.Snapdragon MobileSD 810affected
Qualcomm Technologies, Inc.Snapdragon MobileSD 820affected
Qualcomm Technologies, Inc.Snapdragon MobileSD 835affected
Qualcomm Technologies, Inc.Snapdragon MobileSDM630affected
Qualcomm Technologies, Inc.Snapdragon MobileSDM636affected
Qualcomm Technologies, Inc.Snapdragon MobileSDM660affected
Qualcomm Technologies, Inc.Snapdragon MobileSnapdragon_High_Med_2016affected

Weaknesses

  • CWE190: Integer Overflow or Wraparound

ADP Enrichment

CVE Program Container

Additional References

References