CVE-2017-18292
N/A
N/A
Summary
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear | MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A | affected |
Weaknesses
- Lack of Input Validation May Lead to System Reset
ADP Enrichment
CVE Program Container
Additional References
- https://www.qualcomm.com/company/product-security/bulletins
- http://www.securitytracker.com/id/1041432
- https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
References
- https://www.qualcomm.com/company/product-security/bulletins
- http://www.securitytracker.com/id/1041432
- https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.