First published: Mon Apr 02 2018(Updated: )
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Qualcomm MDM9206 firmware | ||
Qualcomm MDM9206 | ||
Qualcomm MDM9607 firmware | ||
Qualcomm MDM9607 | ||
qualcomm MSM8996AU firmware | ||
Qualcomm Snapdragon 8996 | ||
qualcomm MSM8998 firmware | ||
Qualcomm MSM8998 | ||
qualcomm SD 845 firmware | ||
qualcomm SD 845 | ||
Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-18129 has a high severity rating due to the potential for a security domain to control IPA channels owned by another domain.
To mitigate CVE-2017-18129, update your device to the latest Android security patch level dated after 2018-04-05.
CVE-2017-18129 affects Android devices utilizing Qualcomm Snapdragon platforms including MDM9206, MDM9607, SD 845, MSM8996, and MSM8998 before the mentioned patch level.
CVE-2017-18129 can be exploited to allow unauthorized access or control over IPA channels between security domains, potentially leading to data leakage.
CVE-2017-18129 is considered highly exploitable due to the nature of cross-domain control and the availability of affected devices.