CVE-2017-18292

EUVD-2017-9418
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
qualcommmsm8909w_firmware
-
qualcommmsm8996au_firmware
-
qualcommsd_210_firmware
-
qualcommsd_212_firmware
-
qualcommsd_205_firmware
-
qualcommsd_410_firmware
-
qualcommsd_412_firmware
-
qualcommsd_425_firmware
-
qualcommsd_430_firmware
-
qualcommsd_450_firmware
-
qualcommsd_615_firmware
-
qualcommsd_616_firmware
-
qualcommsd_415_firmware
-
qualcommsd_617_firmware
-
qualcommsd_625_firmware
-
qualcommsd_650_firmware
-
qualcommsd_652_firmware
-
qualcommsd_800_firmware
-
qualcommsd_810_firmware
-
qualcommsd_820_firmware
-
qualcommsd_820a_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1041432
https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
https://www.qualcomm.com/company/product-security/bulletins
http://www.securitytracker.com/id/1041432
https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
https://www.qualcomm.com/company/product-security/bulletins