Published: 20/09/2018 Updated: 23/11/2018

CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1

VMScore: 418

Vector: AV:L/AC:M/Au:N/C:N/I:C/A:N

In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qualcomm msm8996au_firmware -
qualcomm sd425_firmware -
qualcomm sd427_firmware -
qualcomm sd430_firmware -
qualcomm sd435_firmware -
qualcomm sd450_firmware -
qualcomm sd625_firmware -
qualcomm sd650_firmware -
qualcomm sd652_firmware -
qualcomm sd820_firmware -
qualcomm sd820a_firmware -
qualcomm sd835_firmware -
qualcomm sda660_firmware -
qualcomm sdm429_firmware -
qualcomm sdm439_firmware -
qualcomm sdm630_firmware -
qualcomm sdm632_firmware -
qualcomm sdm636_firmware -
qualcomm sdm660_firmware -

CWE-362 https://www.qualcomm.com/company/product-security/bulletins https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components http://www.securitytracker.com/id/1041432 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-18302

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect