CVE-2017-18293 : When a particular GPIO is protected by blocking access to the corresponding GPIO

When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

Published 2018-10-23 13:29:01

Updated 2019-10-03 00:03:26

Source Qualcomm, Inc.

View at NVD, CVE.org

Products affected by CVE-2017-18293

Qualcomm » Mdm9206 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9206 » Version: N/A
Qualcomm » Mdm9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9607 » Version: N/A
Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Sd 210 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 210 » Version: N/A
Qualcomm » Sd 212 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 212 » Version: N/A
Qualcomm » Sd 425 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 425 » Version: N/A
Qualcomm » Sd 430 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 430 » Version: N/A
Qualcomm » Sd 625 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 625 » Version: N/A
Qualcomm » Sd 650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 650 » Version: N/A
Qualcomm » Sd 835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 835 » Version: N/A
Qualcomm » Sd 652 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 652 » Version: N/A
Qualcomm » Sd 205 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 205 » Version: N/A
Qualcomm » Sd 450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 450 » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-18293

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-18293

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2017-18293

http://www.securitytracker.com/id/1041432

Google Android Multiple Flaws Let Remote Users Execute Arbitrary Code and Let Applications Gain Elevated Privileges and Obtain Potentially Sensitive Information - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.qualcomm.com/company/product-security/bulletins

Security Advisories | Product Security | Qualcomm
Vendor Advisory

CVEs referencing this url
https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Android Security Bulletin—August 2018 | Android Open Source Project
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-18293

Products affected by CVE-2017-18293

Exploit prediction scoring system (EPSS) score for CVE-2017-18293

CVSS scores for CVE-2017-18293

References for CVE-2017-18293