Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

AV:A/AC:M/Au:N/C:N/I:C/A:N
Vendors Products
Qualcomm
  • Sd 616
  • Sd 410
  • Sd 616 Firmware
  • Msm8909w Firmware
  • Sd 412
  • Sd 212
  • Sd 410 Firmware
  • Sd 205 Firmware
  • Msm8909w
  • Sd 415 Firmware
  • Sd 615
  • Sd 617 Firmware
  • Sd 615 Firmware
  • Sd 415
  • Sd 617
  • Sd 412 Firmware
  • Sd 210 Firmware
  • Sd 212 Firmware
  • Sd 210
  • Sd 205

Configuration 1 [-]

AND
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*
References
Link Resource
https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: qualcomm

Published: 2018-10-23T13:00:00

Updated: 2018-10-23T12:57:01

Reserved: 2018-06-15T00:00:00

Link: CVE-2017-18313

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-10-23T13:29:02.837

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-18313

JSON object: View

cve-icon Redhat Information

No data.

CWE