Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-18305

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.

Published

2018-10-23T13:29:02.557

Last Modified

2024-11-21T03:19:49.173

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.0 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.4

Impact Score

10.0

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System qualcomm mdm9206_firmware - Yes
Hardware qualcomm mdm9206 - No
Operating System qualcomm mdm9607_firmware - Yes
Hardware qualcomm mdm9607 - No
Operating System qualcomm mdm9650_firmware - Yes
Hardware qualcomm mdm9650 - No
Operating System qualcomm sd_210_firmware - Yes
Hardware qualcomm sd_210 - No
Operating System qualcomm sd_212_firmware - Yes
Hardware qualcomm sd_212 - No
Operating System qualcomm sd_205_firmware - Yes
Hardware qualcomm sd_205 - No
Operating System qualcomm sd_835_firmware - Yes
Hardware qualcomm sd_835 - No
References