CVE-2017-18294 Vulnerability Details

  /     /     /  

CVE-2017-18294 Metadata Quick Info

CVE Published: 23/10/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: qualcomm | Vendor: Qualcomm, Inc. | Product: Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
Status : PUBLISHED

---

CVE-2017-18294 Description

While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Improper Input Validation in QSEECOM Driver
Source: Qualcomm, Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).