CVE-2017-18129

CRITICAL

Qualcomm Mdm9206 Firmware - Exposure to Wrong Actor

Title source: rule

Description

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103671

[Vendor Advisory] https://source.android.com/security/bulletin/2018-04-01

Scores

CVSS v3 9.8

EPSS 0.0021

EPSS Percentile 42.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (5)

qualcomm/mdm9206_firmware

qualcomm/mdm9607_firmware

qualcomm/msm8996_firmware

qualcomm/msm8998_firmware

qualcomm/sd_845_firmware

Timeline

Published Apr 11, 2018

Tracked Since Feb 18, 2026