CVE-2017-18293 - When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers,

CVE-2017-18293

Summary

When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

References

Vulnerable Configurations

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins
sectrack	1041432

Last major update

03-10-2019 - 00:03

Published

23-10-2018 - 13:29

Last modified

03-10-2019 - 00:03