CVE-2017-18302
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
20/09/2018
Last modified:
23/11/2018
Description
In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Base Score 2.0
4.70
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd425:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd427:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd430:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd435:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd450:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:qualcomm:sd625:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page