Vulnerabilities > CVE-2017-18305 - Unspecified vulnerability in Qualcomm products

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

qualcomm

NVD

Published: 2018-10-23

Updated: 2019-10-03

Summary

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9206 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm SD 210 Firmware - Qualcomm SD 212 Firmware - Qualcomm SD 205 Firmware - Qualcomm SD 835 Firmware -	7
Hardware	Qualcomm Qualcomm Mdm9206 - Qualcomm Mdm9607 - Qualcomm Mdm9650 - Qualcomm SD 210 - Qualcomm SD 212 - Qualcomm SD 205 - Qualcomm SD 835 -	7

References

https://www.qualcomm.com/company/product-security/bulletins
https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
http://www.securitytracker.com/id/1041432