Lucene search

[email protected]CVE-2017-15841

HistoryMay 06, 2019 - 11:29 p.m.

CVE-2017-15841

2019-05-0623:29:00

[email protected]

web.nvd.nist.gov

cve-2017-15841

snapdragon

ram dump

fw reset

nvd

security issue

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, Snapdragon_High_Med_2016.

Affected configurations

NVD

Node

qualcommsd_410_firmwareMatch-

AND

qualcommsd_410Match-

Node

qualcommsd_412_firmwareMatch-

AND

qualcommsd_412Match-

Node

qualcommsd_425_firmwareMatch-

AND

qualcommsd_425Match-

Node

qualcommsd_427_firmwareMatch-

AND

qualcommsd_427Match-

Node

qualcommsd_430_firmwareMatch-

AND

qualcommsd_430Match-

Node

qualcommsd_435_firmwareMatch-

AND

qualcommsd_435Match-

Node

qualcommsd_450_firmwareMatch-

AND

qualcommsd_450Match-

Node

qualcommsd_615_firmwareMatch-

AND

qualcommsd_615Match-

Node

qualcommsd_616_firmwareMatch-

AND

qualcommsd_616Match-

Node

qualcommsd_415_firmwareMatch-

AND

qualcommsd_415Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_650_firmwareMatch-

AND

qualcommsd_650Match-

Node

qualcommsd_652_firmwareMatch-

AND

qualcommsd_652Match-

Node

qualcommsd_820_firmwareMatch-

AND

qualcommsd_820Match-

Node

qualcommsd_835_firmwareMatch-

AND

qualcommsd_835Match-

Node

qualcommsnapdragon_high_med_2016_firmwareMatch-

AND

qualcommsnapdragon_high_med_2016Match-

CPENameOperatorVersion
qualcomm:sd_410_firmwarequalcomm sd 410 firmwareeq-

CPE	Name	Operator	Version
qualcomm:sd_410_firmware	qualcomm sd 410 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Mobile",
    "vendor": "Qualcomm Technologies, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "SD 410/12"
      },
      {
        "status": "affected",
        "version": "SD 425"
      },
      {
        "status": "affected",
        "version": "SD 427"
      },
      {
        "status": "affected",
        "version": "SD 430"
      },
      {
        "status": "affected",
        "version": "SD 435"
      },
      {
        "status": "affected",
        "version": "SD 450"
      },
      {
        "status": "affected",
        "version": "SD 615/16/SD 415"
      },
      {
        "status": "affected",
        "version": "SD 625"
      },
      {
        "status": "affected",
        "version": "SD 650/52"
      },
      {
        "status": "affected",
        "version": "SD 820"
      },
      {
        "status": "affected",
        "version": "SD 835"
      },
      {
        "status": "affected",
        "version": "Snapdragon_High_Med_2016"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2017-15841

nvd1 prion1 cvelist1