CVE-2017-18313
Last modified
CVE-2017-18313 is a vulnerability of currently unknown severity. Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617.. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Msm8909w Firmware | All versions |
| Qualcomm | Sd 210 Firmware | All versions |
| Qualcomm | Sd 212 Firmware | All versions |
| Qualcomm | Sd 205 Firmware | All versions |
| Qualcomm | Sd 410 Firmware | All versions |
| Qualcomm | Sd 412 Firmware | All versions |
| Qualcomm | Sd 615 Firmware | All versions |
| Qualcomm | Sd 616 Firmware | All versions |
| Qualcomm | Sd 415 Firmware | All versions |
| Qualcomm | Sd 617 Firmware | All versions |
References
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-18313?
How severe is CVE-2017-18313?
How do I fix CVE-2017-18313?
Are you affected by CVE-2017-18313?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST