CVE-2017-18320 : QSEE unload attempt on a 3rd party TEE without previously loading results in a d

QSEE unload attempt on a 3rd party TEE without previously loading results in a data abort in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130.

Published 2019-01-03 15:29:01

Updated 2019-01-10 18:49:03

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2017-18320

Qualcomm » Sd 410 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 410 » Version: N/A
Qualcomm » Sd 425 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 425 » Version: N/A
Qualcomm » Sd 430 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 430 » Version: N/A
Qualcomm » Sd 615 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 615 » Version: N/A
Qualcomm » Sd 415 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 415 » Version: N/A
Qualcomm » Sd 625 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 625 » Version: N/A
Qualcomm » Sd 650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 650 » Version: N/A
Qualcomm » Sd 820 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820 » Version: N/A
Qualcomm » Sd 835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 835 » Version: N/A
Qualcomm » Sd 412 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 412 » Version: N/A
Qualcomm » Sd 616 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 616 » Version: N/A
Qualcomm » Sd 652 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 652 » Version: N/A
Qualcomm » Sd 450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 450 » Version: N/A
Qualcomm » Sd 810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 810 » Version: N/A
Qualcomm » Sd 820a Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820a » Version: N/A
Qualcomm » Sd 427 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 427 » Version: N/A
Qualcomm » Sd 435 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 435 » Version: N/A
Qualcomm » Sdm630 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm630 » Version: N/A
Qualcomm » Sdm660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm660 » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Snapdragon High Med 2016 Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon High Med 2016 » Version: N/A
Qualcomm » Sdm439 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm439 » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A
Qualcomm » Sdx24 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx24 » Version: N/A
Qualcomm » Sxr1130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr1130 » Version: N/A
Qualcomm » Sd 439 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 439 » Version: N/A
Qualcomm » Sd 429 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 429 » Version: N/A
Qualcomm » Sd 632 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 632 » Version: N/A
Qualcomm » Sd 636 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 636 » Version: N/A
Qualcomm » Sd 712 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 712 » Version: N/A
Qualcomm » Sd 710 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 710 » Version: N/A
Qualcomm » Sd 670 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 670 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-18320

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 8 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-18320

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-18320

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-18320

http://www.securityfocus.com/bid/106128

Qualcomm Closed-Source Components Multiple Unspecified Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.qualcomm.com/company/product-security/bulletins

Security Advisories | Product Security | Qualcomm
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-18320

Products affected by CVE-2017-18320

Exploit prediction scoring system (EPSS) score for CVE-2017-18320

CVSS scores for CVE-2017-18320

CWE ids for CVE-2017-18320

References for CVE-2017-18320