What is CVE-2017-18139?

CVE-2017-18139 is a vulnerability in Android devices before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear.

What is the severity of CVE-2017-18139?

The severity of CVE-2017-18139 is critical with a CVSS score of 9.8.

Which devices are affected by CVE-2017-18139?

Android devices with Qualcomm Snapdragon Mobile and Snapdragon Wear before security patch level 2018-04-05 are affected by CVE-2017-18139.

How do I fix CVE-2017-18139?

To fix CVE-2017-18139, update your Android device to the security patch level 2018-04-05 or later.

Are Qualcomm MDM9206 and MDM9640 vulnerable to CVE-2017-18139?

No, Qualcomm MDM9206 and MDM9640 are not vulnerable to CVE-2017-18139.

Vulnerability/
CVE-2017-18139

critical

CWE

119

2/4/2018

11/4/2018

17/9/2024

CVE-2017-18139: Buffer Overflow

First published: Mon Apr 02 2018(Updated: )

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, a buffer overflow vulnerability may potentially exist while making an IMS call.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Google Android
Qualcomm Mdm9206 Firmware
Qualcomm Mdm9206
Qualcomm Mdm9607 Firmware
Qualcomm Mdm9607
Google Android
Qualcomm Mdm9635m
Qualcomm Mdm9640 Firmware
Qualcomm Mdm9640
Qualcomm Mdm9645 Firmware
Qualcomm Mdm9645
Qualcomm Mdm9650 Firmware
Qualcomm Mdm9650
Qualcomm Mdm9655 Firmware
Qualcomm Mdm9655
Qualcomm Msm8909w Firmware
Qualcomm Msm8909w
Qualcomm Sd 210 Firmware
Qualcomm Sd 210
Qualcomm Sd 212 Firmware
Qualcomm Sd 212
Qualcomm Sd 205 Firmware
Qualcomm Sd 205
Qualcomm Sd 400 Firmware
Qualcomm Sd 400
Qualcomm Sd 410 Firmware
Qualcomm Sd 410
Qualcomm Sd 412 Firmware
Qualcomm Sd 412
Qualcomm Sd 425 Firmware
Qualcomm Sd 425
Qualcomm Sd 430 Firmware
Qualcomm Sd 430
Qualcomm Sd 450 Firmware
Qualcomm Sd 450
Qualcomm Sd 615 Firmware
Qualcomm Sd 615
Qualcomm Sd 616 Firmware
Qualcomm Sd 616
Qualcomm Sd 415 Firmware
Qualcomm Sd 415
Qualcomm Sd 617 Firmware
Qualcomm Sd 617
Qualcomm Sd 625 Firmware
Qualcomm Sd 625
Qualcomm Sd 650 Firmware
Qualcomm Sd 650
Qualcomm Sd 652 Firmware
Qualcomm Sd 652
Google Android
Qualcomm Sd 808
Google Android
Qualcomm Sd 810
Qualcomm Sd 820 Firmware
Qualcomm Sd 820
Qualcomm Sd 835 Firmware
Qualcomm Sd 835
Qualcomm Sd 845 Firmware
Qualcomm Sd 845
Qualcomm Sd 850 Firmware
Qualcomm Sd 850

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-18139?
CVE-2017-18139 is a vulnerability in Android devices before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear.
What is the severity of CVE-2017-18139?
The severity of CVE-2017-18139 is critical with a CVSS score of 9.8.
Which devices are affected by CVE-2017-18139?
Android devices with Qualcomm Snapdragon Mobile and Snapdragon Wear before security patch level 2018-04-05 are affected by CVE-2017-18139.
How do I fix CVE-2017-18139?
To fix CVE-2017-18139, update your Android device to the security patch level 2018-04-05 or later.
Are Qualcomm MDM9206 and MDM9640 vulnerable to CVE-2017-18139?
No, Qualcomm MDM9206 and MDM9640 are not vulnerable to CVE-2017-18139.