CVE-2017-18305
HIGHSnapdragon Mobile/Snapdragon Wear <MDM9206-SD 835 - Memory Corruption
Title source: llmDescription
XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041432
Third Party Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components
Scores
CVSS v3
7.0
EPSS
0.0004
EPSS Percentile
13.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (7)
qualcomm/mdm9206_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9650_firmware
qualcomm/sd_205_firmware
qualcomm/sd_210_firmware
qualcomm/sd_212_firmware
qualcomm/sd_835_firmware
Published
Oct 23, 2018
Tracked Since
Feb 18, 2026