CVE-2017-18292

MEDIUM

Qualcomm Snapdragon Firmware - Denial of Service via Widevine API

Title source: llm

Description

Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041432

Third Party Advisory x_refsource_confirm

https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 16.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (21)

qualcomm/msm8909w_firmware

qualcomm/msm8996au_firmware

qualcomm/sd_205_firmware

qualcomm/sd_210_firmware

qualcomm/sd_212_firmware

qualcomm/sd_410_firmware

qualcomm/sd_412_firmware

qualcomm/sd_415_firmware

qualcomm/sd_425_firmware

qualcomm/sd_430_firmware

... and 11 more

Published Oct 23, 2018

Tracked Since Feb 18, 2026