CVE-2017-18283: Buffer Overflow
First published: Mon Aug 06 2018(Updated: )
Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm QCA9379 | ||
| Qualcomm QCA9379 | ||
| Qualcomm SD210 Firmware | ||
| Qualcomm SD210 Firmware | ||
| Qualcomm SD 212 | ||
| Qualcomm SD 212 Firmware | ||
| Qualcomm SD205 Firmware | ||
| Qualcomm SD205 Firmware | ||
| Qualcomm SD 625 Firmware | ||
| Qualcomm Snapdragon 625 | ||
| Qualcomm SD835 Firmware | ||
| Qualcomm Snapdragon 835 | ||
| Qualcomm SDA845 Firmware | ||
| Qualcomm SD845 | ||
| Qualcomm SD850 Firmware | ||
| Qualcomm SD850 | ||
| Qualcomm SDA660 | ||
| Qualcomm SDA660 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com/docs/security/bulletin/2018-08-01/#asterisk
- https://source.android.com/docs/security/bulletin/2018-08-01 (Advisory)
- http://www.securitytracker.com/id/1041432
- https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
- https://www.qualcomm.com/company/product-security/bulletins
Frequently Asked Questions
What is the severity of CVE-2017-18283?
CVE-2017-18283 is considered a high-severity vulnerability due to the potential for memory corruption in affected Snapdragon devices.
How do I fix CVE-2017-18283?
To mitigate CVE-2017-18283, users should apply firmware updates provided by Qualcomm for the affected devices.
Which devices are affected by CVE-2017-18283?
CVE-2017-18283 affects various Snapdragon Mobile devices including QCA9379, SD 210, SD 212, SD 205, SD 625, SD 835, SD 845, SD 850, and SDA660.
What kind of security risk does CVE-2017-18283 pose?
CVE-2017-18283 poses a security risk of potential memory corruption, which could be exploited to execute arbitrary code.
Is CVE-2017-18283 relevant for Android users?
Yes, CVE-2017-18283 is relevant for Android users on devices utilizing affected Snapdragon chipsets, potentially compromising device security.
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/event
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm qca9379
- canonical/qualcomm sd210 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm sd205 firmware
- canonical/qualcomm sd 625 firmware
- canonical/qualcomm snapdragon 625
- canonical/qualcomm sd835 firmware
- canonical/qualcomm snapdragon 835
- canonical/qualcomm sda845 firmware
- canonical/qualcomm sd845
- canonical/qualcomm sd850 firmware
- canonical/qualcomm sd850
- canonical/qualcomm sda660