CVE-2017-18125: Input Validation
First published: Mon Apr 02 2018(Updated: )
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The TEE application which uses secure camera expects those buffers to contain data captured during the current camera session. It is possible though for HLOS to put aside and reuse one or more of the protected buffers with previously captured data during next camera session. Such data reuse must be prevented as the TEE applications expects to receive valid data captured during the current session only.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm MDM9206 | ||
| Qualcomm MDM9206 firmware | ||
| Qualcomm MD9607 Firmware | ||
| Qualcomm MDM9607 firmware | ||
| Qualcomm MDM9650 | ||
| Qualcomm MDM9650 firmware | ||
| Qualcomm SD210 Firmware | ||
| Qualcomm SD 210 Firmware | ||
| Qualcomm SD 212 | ||
| Qualcomm SD 212 Firmware | ||
| Qualcomm 205 Firmware | ||
| Qualcomm SD205 Firmware | ||
| Qualcomm SD835 Firmware | ||
| Qualcomm Snapdragon 835 | ||
| Qualcomm SDA845 Firmware | ||
| Qualcomm SD845 | ||
| Qualcomm SD850 Firmware | ||
| Qualcomm SD850 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-18125?
CVE-2017-18125 is classified as a high severity vulnerability impacting certain Qualcomm Snapdragon chipsets and Android versions.
How do I fix CVE-2017-18125?
To fix CVE-2017-18125, update your Android device to the latest security patch level from April 2018 or later.
Which devices are affected by CVE-2017-18125?
CVE-2017-18125 affects devices using Qualcomm Snapdragon MDM9206, MDM9607, MDM9650, SD 210, SD 212, SD 205, SD 835, SD 845, and SD 850 chipsets on Android prior to the 2018-04-05 security patch.
What type of vulnerability is CVE-2017-18125?
CVE-2017-18125 is a security vulnerability associated with improper data handling in the secure camera implementation on affected devices.
Can CVE-2017-18125 lead to data breaches?
Yes, CVE-2017-18125 could potentially allow unauthorized access to sensitive data captured by the secure camera on affected devices.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/description
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm md9607 firmware
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm mdm9650
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm sd210 firmware
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm 205 firmware
- canonical/qualcomm sd205 firmware
- canonical/qualcomm sd835 firmware
- canonical/qualcomm snapdragon 835
- canonical/qualcomm sda845 firmware
- canonical/qualcomm sd845
- canonical/qualcomm sd850 firmware
- canonical/qualcomm sd850