CVE-2017-18311

EUVD-2017-9437
XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
qualcommmdm9607_firmware
-
qualcommmdm9635m_firmware
-
qualcommmdm9640_firmware
-
qualcommmdm9645_firmware
-
qualcommmdm9650_firmware
-
qualcommmdm9655_firmware
-
qualcommmsm8909w_firmware
-
qualcommmsm8996au_firmware
-
qualcommsd_210_firmware
-
qualcommsd_212_firmware
-
qualcommsd_205_firmware
-
qualcommsd_410_firmware
-
qualcommsd_412_firmware
-
qualcommsd_425_firmware
-
qualcommsd_427_firmware
-
qualcommsd_430_firmware
-
qualcommsd_435_firmware
-
qualcommsd_450_firmware
-
qualcommsd_615_firmware
-
qualcommsd_616_firmware
-
qualcommsd_415_firmware
-
qualcommsd_625_firmware
-
qualcommsd_650_firmware
-
qualcommsd_652_firmware
-
qualcommsd_810_firmware
-
qualcommsd_820_firmware
-
qualcommsd_820a_firmware
-
qualcommsd_835_firmware
-
qualcommsda660_firmware
-
qualcommsdm429_firmware
-
qualcommsdm439_firmware
-
qualcommsdm630_firmware
-
qualcommsdm632_firmware
-
qualcommsdm636_firmware
-
qualcommsdm660_firmware
-
𝑥
= Vulnerable software versions
References
https://www.qualcomm.com/company/product-security/bulletins
https://www.qualcomm.com/company/product-security/bulletins