CVE-2017-18311
HIGHQualcomm Snapdragon Firmware - Privilege Escalation via XPU Master Configuration Ports
Title source: llmDescription
XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins
Scores
CVSS v3
7.8
EPSS
0.0009
EPSS Percentile
26.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (35)
qualcomm/mdm9607_firmware
qualcomm/mdm9635m_firmware
qualcomm/mdm9640_firmware
qualcomm/mdm9645_firmware
qualcomm/mdm9650_firmware
qualcomm/mdm9655_firmware
qualcomm/msm8909w_firmware
qualcomm/msm8996au_firmware
qualcomm/sd_205_firmware
qualcomm/sd_210_firmware
... and 25 more
Published
Oct 26, 2018
Tracked Since
Feb 18, 2026