CVE-2017-18141
HIGHSnapdragon Automobile/Mobile/Wear <multiple - Privilege Escalation
Title source: llmDescription
When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106128
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
11.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (34)
qualcomm/ipq8074_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9635m_firmware
qualcomm/mdm9650_firmware
qualcomm/mdm9655_firmware
qualcomm/msm8996au_firmware
qualcomm/sd_205_firmware
qualcomm/sd_210_firmware
qualcomm/sd_212_firmware
... and 24 more
Published
Jan 03, 2019
Tracked Since
Feb 18, 2026