CVE-2017-18313 Information

Description

Under certain mode of operations HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W SD 210/SD 212/SD 205 SD 410/12 SD 615/16/SD 415 SD 617.

CVSS Vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://source.android.com/security/bulletin/2018-09-01qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.3