What is the severity of CVE-2017-18160?

CVE-2017-18160 has been classified with a medium severity rating due to potential impacts on AGPS session failures.

How do I fix CVE-2017-18160?

To fix CVE-2017-18160, manually update the hardcoded cyphersuites in the affected Snapdragon firmware versions.

Which devices are affected by CVE-2017-18160?

CVE-2017-18160 affects devices using Snapdragon mobile and wear chipsets, including MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, and SD 850.

What types of attacks can CVE-2017-18160 enable?

CVE-2017-18160 may potentially allow attackers to intercept or manipulate GPS data due to session failures.

Is CVE-2017-18160 related to Google Android?

Yes, CVE-2017-18160 impacts Google Android systems that utilize the specified Snapdragon chipsets.

Vulnerability/
CVE-2017-18160

critical

CWE

310

3/12/2018

18/1/2019

26/8/2024

CVE-2017-18160

First published: Mon Dec 03 2018(Updated: )

AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Qualcomm MDM9635M firmware
Qualcomm MDM9635M
qualcomm mdm9645 firmware
qualcomm mdm9645
Qualcomm MDM9650 firmware
Qualcomm MDM9650
Qualcomm MDM9655 firmware
Qualcomm MDM9655
Qualcomm MSM8909W
Qualcomm MSM8909W
qualcomm SD 835 firmware
qualcomm SD 835
qualcomm SD 845 firmware
qualcomm SD 845
qualcomm SD 850 firmware
qualcomm SD 850
Android

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-18160?
CVE-2017-18160 has been classified with a medium severity rating due to potential impacts on AGPS session failures.
How do I fix CVE-2017-18160?
To fix CVE-2017-18160, manually update the hardcoded cyphersuites in the affected Snapdragon firmware versions.
Which devices are affected by CVE-2017-18160?
CVE-2017-18160 affects devices using Snapdragon mobile and wear chipsets, including MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, and SD 850.
What types of attacks can CVE-2017-18160 enable?
CVE-2017-18160 may potentially allow attackers to intercept or manipulate GPS data due to session failures.
Is CVE-2017-18160 related to Google Android?
Yes, CVE-2017-18160 impacts Google Android systems that utilize the specified Snapdragon chipsets.

agent/references
agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/event
agent/last-modified-date
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
agent/tags
collector/android-source
source/Android
agent/software-canonical-lookup
agent/softwarecombine
vendor/qualcomm
canonical/qualcomm mdm9635m firmware
canonical/qualcomm mdm9635m
canonical/qualcomm mdm9645 firmware
canonical/qualcomm mdm9645
canonical/qualcomm mdm9650 firmware
canonical/qualcomm mdm9650
canonical/qualcomm mdm9655 firmware
canonical/qualcomm mdm9655
canonical/qualcomm msm8909w
canonical/qualcomm sd 835 firmware
canonical/qualcomm sd 835
canonical/qualcomm sd 845 firmware
canonical/qualcomm sd 845
canonical/qualcomm sd 850 firmware
canonical/qualcomm sd 850
vendor/google
canonical/android

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.