CVE-2017-18282 - Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdra

CVE-2017-18282

Summary

Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

References

Vulnerable Configurations

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd212:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd212:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd425:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd425:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd430:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd430:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd450:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd450:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd625:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd625:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd650:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd650:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd652:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd652:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins
sectrack	1041432

Last major update

03-10-2019 - 00:03

Published

23-10-2018 - 13:29

Last modified

03-10-2019 - 00:03