CVE-2017-18292: Input Validation
First published: Mon Aug 06 2018(Updated: )
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Msm8996au | ||
| Qualcomm Sd 210 Firmware | ||
| Qualcomm Sd 210 | ||
| Qualcomm Sd 212 Firmware | ||
| Qualcomm Sd 212 | ||
| Qualcomm Sd 205 Firmware | ||
| Qualcomm Sd 205 | ||
| Qualcomm Sd 410 Firmware | ||
| Google Android | ||
| Qualcomm Sd 412 Firmware | ||
| Qualcomm Sd 412 | ||
| Qualcomm Sd 425 Firmware | ||
| Qualcomm Sd 425 | ||
| Qualcomm Sd 430 Firmware | ||
| Google Android | ||
| Qualcomm Sd 450 Firmware | ||
| Qualcomm Sd 450 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd 616 Firmware | ||
| Qualcomm Sd 616 | ||
| Qualcomm Sd 415 Firmware | ||
| Qualcomm Sd 415 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd 625 Firmware | ||
| Qualcomm Sd 625 | ||
| Google Android | ||
| Qualcomm Sd 650 | ||
| Google Android | ||
| Qualcomm Sd 652 | ||
| Qualcomm Sd 800 Firmware | ||
| Qualcomm Sd 800 | ||
| Google Android | ||
| Qualcomm Sd 810 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd 820a Firmware | ||
| Qualcomm Sd 820a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com/docs/security/bulletin/2018-08-01/#asterisk
- https://source.android.com/docs/security/bulletin/2018-08-01 (Advisory)
- http://www.securitytracker.com/id/1041432
- https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
- https://www.qualcomm.com/company/product-security/bulletins
Frequently Asked Questions
What is CVE-2017-18292?
CVE-2017-18292 is a vulnerability in Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear that allows a secure app running in a non-secure space to restart TZ by calling Widevine app API repeatedly.
How severe is CVE-2017-18292?
CVE-2017-18292 has a severity rating of 5.5, which is considered high.
Which software versions are affected by CVE-2017-18292?
CVE-2017-18292 affects Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800.
How can I fix CVE-2017-18292?
To fix CVE-2017-18292, it is recommended to apply the patches provided by the vendor.
Where can I find more information about CVE-2017-18292?
More information about CVE-2017-18292 can be found on the official Android security bulletin for August 2018.
- collector/android-source
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/description
- agent/event
- vendor/google
- canonical/google android
- vendor/qualcomm
- canonical/qualcomm msm8996au
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 210
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 205 firmware
- canonical/qualcomm sd 205
- canonical/qualcomm sd 410 firmware
- canonical/qualcomm sd 412 firmware
- canonical/qualcomm sd 412
- canonical/qualcomm sd 425 firmware
- canonical/qualcomm sd 425
- canonical/qualcomm sd 430 firmware
- canonical/qualcomm sd 450 firmware
- canonical/qualcomm sd 450
- canonical/qualcomm sd 616 firmware
- canonical/qualcomm sd 616
- canonical/qualcomm sd 415 firmware
- canonical/qualcomm sd 415
- canonical/qualcomm sd 625 firmware
- canonical/qualcomm sd 625
- canonical/qualcomm sd 650
- canonical/qualcomm sd 652
- canonical/qualcomm sd 800 firmware
- canonical/qualcomm sd 800
- canonical/qualcomm sd 810
- canonical/qualcomm sd 820a firmware
- canonical/qualcomm sd 820a