VAR-201810-0039
Vulnerability from variot - Updated: 2024-11-23 20:14Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20. Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9640 is a central processing unit (CPU) product of Qualcomm (Qualcomm). A buffer error vulnerability exists in Power in several Qualcomm products, which is caused by the program not fully allocating memory. An attacker could exploit this vulnerability to crash the application
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "sda660",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 625",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 810",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 820",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 650",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 835",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 820a",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 415",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sdx20",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 652",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "msm8996au",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 205",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 212",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 617",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 425",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9607",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 615",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9650",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9206",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 450",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 616",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9640",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "msm8909w",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "fsm9055",
"scope": "eq",
"trust": 1.0,
"vendor": "qaulcomm",
"version": null
},
{
"_id": null,
"model": "sd 430",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 210",
"scope": "eq",
"trust": 1.0,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "fsm9055",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "mdm9206",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "msm8909w",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "msm8996au",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 205",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sd 820a",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sda 660",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"_id": null,
"model": "sdx20",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014313"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1163"
},
{
"db": "NVD",
"id": "CVE-2017-18304"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:qualcomm:fsm9055_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:msm8909w_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:msm8996au_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_205_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sd_820a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sda_660_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:qualcomm:sdx20_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014313"
}
]
},
"cve": "CVE-2017-18304",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18304",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-109413",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-18304",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18304",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-18304",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1163",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-109413",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-18304",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109413"
},
{
"db": "VULMON",
"id": "CVE-2017-18304"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014313"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1163"
},
{
"db": "NVD",
"id": "CVE-2017-18304"
}
]
},
"description": {
"_id": null,
"data": "Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20. Snapdragon Automobile , Snapdragon Mobile , Snapdragon Wear Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9640 is a central processing unit (CPU) product of Qualcomm (Qualcomm). A buffer error vulnerability exists in Power in several Qualcomm products, which is caused by the program not fully allocating memory. An attacker could exploit this vulnerability to crash the application",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18304"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014313"
},
{
"db": "VULHUB",
"id": "VHN-109413"
},
{
"db": "VULMON",
"id": "CVE-2017-18304"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-18304",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1041432",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014313",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1163",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-109413",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-18304",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109413"
},
{
"db": "VULMON",
"id": "CVE-2017-18304"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014313"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1163"
},
{
"db": "NVD",
"id": "CVE-2017-18304"
}
]
},
"id": "VAR-201810-0039",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-109413"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:14:00.814000Z",
"patch": {
"_id": null,
"data": [
{
"title": "October 2018 Qualcomm Technologies, Inc. Security Bulletin",
"trust": 0.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"title": "Multiple Qualcomm Snapdragon product Power Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86261"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014August 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=746dc14fcd3f5e139648cfdc9d9039a9"
},
{
"title": "SamsungReleaseNotes",
"trust": 0.1,
"url": "https://github.com/samreleasenotes/SamsungReleaseNotes "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18304"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014313"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1163"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109413"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014313"
},
{
"db": "NVD",
"id": "CVE-2017-18304"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components"
},
{
"trust": 1.8,
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1041432"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18304"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18304"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://source.android.com/security/bulletin/2018-08-01.html"
},
{
"trust": 0.1,
"url": "https://github.com/samreleasenotes/samsungreleasenotes"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109413"
},
{
"db": "VULMON",
"id": "CVE-2017-18304"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014313"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1163"
},
{
"db": "NVD",
"id": "CVE-2017-18304"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-109413",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-18304",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014313",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1163",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-18304",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-109413",
"ident": null
},
{
"date": "2018-10-23T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18304",
"ident": null
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014313",
"ident": null
},
{
"date": "2018-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1163",
"ident": null
},
{
"date": "2018-10-23T13:29:02.430000",
"db": "NVD",
"id": "CVE-2017-18304",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-109413",
"ident": null
},
{
"date": "2018-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18304",
"ident": null
},
{
"date": "2019-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014313",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1163",
"ident": null
},
{
"date": "2024-11-21T03:19:49.023000",
"db": "NVD",
"id": "CVE-2017-18304",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1163"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Snapdragon Product out-of-bounds vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014313"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1163"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…