ID CVE-2017-18305
Summary XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
References
Vulnerable Configurations
  • cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
confirm
sectrack 1041432
Last major update 03-10-2019 - 00:03
Published 23-10-2018 - 13:29
Last modified 03-10-2019 - 00:03
Back to Top