CVE-2017-18292

Summary

Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Snapdragon Automobile, Snapdragon Mobile, Snapdragon WearMSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820Aaffected

Weaknesses

  • Lack of Input Validation May Lead to System Reset

ADP Enrichment

CVE Program Container

Additional References

References