First published: Mon Aug 06 2018(Updated: )
In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
qualcomm MSM8996AU firmware | ||
Qualcomm MSM8996AU Firmware | ||
Qualcomm SD425 Firmware | ||
Qualcomm Snapdragon 425 | ||
Qualcomm SD 427 firmware | ||
Qualcomm SD427 Firmware | ||
Qualcomm SD 430 Firmware | ||
Qualcomm Snapdragon 430 | ||
Qualcomm Snapdragon 435 Firmware | ||
Qualcomm Snapdragon 435 | ||
Qualcomm SD 450 Firmware | ||
Qualcomm Snapdragon 450 | ||
Qualcomm SD 625 Firmware | ||
Qualcomm Snapdragon 625 | ||
Qualcomm SD 650 Firmware | ||
Qualcomm Snapdragon 650 | ||
Qualcomm SD 652 Firmware | ||
Qualcomm SD652 Firmware | ||
Qualcomm SD 820 Firmware | ||
Qualcomm Snapdragon 820 | ||
Qualcomm SD 820A firmware | ||
Qualcomm SD820A Firmware | ||
Qualcomm Snapdragon 835 | ||
Qualcomm Snapdragon 835 | ||
Qualcomm SDA660 | ||
Qualcomm SDA660 | ||
Qualcomm SDM429W | ||
Qualcomm SD429 | ||
Qualcomm SDM439 Firmware | ||
Qualcomm SDM439 Firmware | ||
Qualcomm SDM630 | ||
Qualcomm SDM630 Firmware | ||
Qualcomm SDM632 Firmware | ||
Qualcomm SDM632 Firmware | ||
Qualcomm SD 636 Firmware | ||
Qualcomm SDM636 Firmware | ||
Qualcomm SD660 Firmware | ||
Qualcomm Snapdragon 660 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-18302 is high with a severity value of 4.7.
To fix the vulnerability in CVE-2017-18302, ensure that you have installed the latest security updates and patches provided by the vendor.
CVE-2017-18302 affects Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
The Common Weakness Enumeration (CWE) ID for CVE-2017-18302 is 362.
You can find more information about CVE-2017-18302 in the official Google Android security bulletin for August 2018.