CVE-2017-11076 - Vulnerability Details

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00207.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`MSM8909W`	affected	—
`MSM8996AU`	affected	—
`SD 210/SD 212/SD 205`	affected	—
`SD 425`	affected	—
`SD 427`	affected	—
`SD 430`	affected	—
`SD 435`	affected	—
`SD 450`	affected	—
`SD 615/16/SD 415`	affected	—
`SD 625`	affected	—
`SD 810`	affected	—
`SD 820`	affected	—
`SD 820A`	affected	—
`SD 835`	affected	—
`SD 845`	affected	—
`SDM429`	affected	—
`SDM439`	affected	—
`SDM630`	affected	—
`SDM632`	affected	—
`SDM636`	affected	—
`SDM660`	affected	—
`SDM710`	affected	—
`Snapdragon_High_Med_2016`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm429:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm632:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_high_med_2016:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Qualcomm Subscribe	Msm8909w Subscribe Msm8909w Firmware Subscribe Msm8996au Subscribe Msm8996au Firmware Subscribe Sd 205 Subscribe Sd 205 Firmware Subscribe Sd 210 Subscribe Sd 210 Firmware Subscribe Sd 212 Subscribe Sd 212 Firmware Subscribe Sd 415 Subscribe Sd 415 Firmware Subscribe Sd 425 Subscribe Sd 425 Firmware Subscribe Sd 427 Subscribe Sd 427 Firmware Subscribe Sd 430 Subscribe Sd 430 Firmware Subscribe Sd 435 Subscribe Sd 435 Firmware Subscribe Sd 450 Subscribe Sd 450 Firmware Subscribe Sd 615 Subscribe Sd 615 Firmware Subscribe Sd 616 Subscribe Sd 616 Firmware Subscribe Sd 625 Subscribe Sd 625 Firmware Subscribe Sd 810 Subscribe Sd 810 Firmware Subscribe Sd 820 Subscribe Sd 820 Firmware Subscribe Sd 820a Subscribe Sd 820a Firmware Subscribe Sd 835 Subscribe Sd 835 Firmware Subscribe Sd 845 Subscribe Sd 845 Firmware Subscribe Sdm429 Subscribe Sdm429 Firmware Subscribe Sdm439 Subscribe Sdm439 Firmware Subscribe Sdm630 Subscribe Sdm630 Firmware Subscribe Sdm632 Subscribe Sdm632 Firmware Subscribe Sdm636 Subscribe Sdm636 Firmware Subscribe Sdm660 Subscribe Sdm660 Firmware Subscribe Sdm710 Subscribe Sdm710 Firmware Subscribe Snapdragon High Med 2016 Subscribe Snapdragon High Med 2016 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2017-2713	On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

History

Thu, 09 Jan 2025 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm msm8909w Qualcomm msm8909w Firmware Qualcomm msm8996au Qualcomm msm8996au Firmware Qualcomm sd 205 Qualcomm sd 205 Firmware Qualcomm sd 210 Qualcomm sd 210 Firmware Qualcomm sd 212 Qualcomm sd 212 Firmware Qualcomm sd 415 Qualcomm sd 415 Firmware Qualcomm sd 425 Qualcomm sd 425 Firmware Qualcomm sd 427 Qualcomm sd 427 Firmware Qualcomm sd 430 Qualcomm sd 430 Firmware Qualcomm sd 435 Qualcomm sd 435 Firmware Qualcomm sd 450 Qualcomm sd 450 Firmware Qualcomm sd 615 Qualcomm sd 615 Firmware Qualcomm sd 616 Qualcomm sd 616 Firmware Qualcomm sd 625 Qualcomm sd 625 Firmware Qualcomm sd 810 Qualcomm sd 810 Firmware Qualcomm sd 820 Qualcomm sd 820 Firmware Qualcomm sd 820a Qualcomm sd 820a Firmware Qualcomm sd 835 Qualcomm sd 835 Firmware Qualcomm sd 845 Qualcomm sd 845 Firmware Qualcomm sdm429 Qualcomm sdm429 Firmware Qualcomm sdm439 Qualcomm sdm439 Firmware Qualcomm sdm630 Qualcomm sdm630 Firmware Qualcomm sdm632 Qualcomm sdm632 Firmware Qualcomm sdm636 Qualcomm sdm636 Firmware Qualcomm sdm660 Qualcomm sdm660 Firmware Qualcomm sdm710 Qualcomm sdm710 Firmware Qualcomm snapdragon High Med 2016 Qualcomm snapdragon High Med 2016 Firmware
Weaknesses		CWE-119
CPEs		cpe:2.3:h:qualcomm:msm8909w:-:::::::* cpe:2.3:h:qualcomm:msm8996au:-:::::::* cpe:2.3:h:qualcomm:sd_205:-:::::::* cpe:2.3:h:qualcomm:sd_210:-:::::::* cpe:2.3:h:qualcomm:sd_212:-:::::::* cpe:2.3:h:qualcomm:sd_415:-:::::::* cpe:2.3:h:qualcomm:sd_425:-:::::::* cpe:2.3:h:qualcomm:sd_427:-:::::::* cpe:2.3:h:qualcomm:sd_430:-:::::::* cpe:2.3:h:qualcomm:sd_435:-:::::::* cpe:2.3:h:qualcomm:sd_450:-:::::::* cpe:2.3:h:qualcomm:sd_615:-:::::::* cpe:2.3:h:qualcomm:sd_616:-:::::::* cpe:2.3:h:qualcomm:sd_625:-:::::::* cpe:2.3:h:qualcomm:sd_810:-:::::::* cpe:2.3:h:qualcomm:sd_820:-:::::::* cpe:2.3:h:qualcomm:sd_820a:-:::::::* cpe:2.3:h:qualcomm:sd_835:-:::::::* cpe:2.3:h:qualcomm:sd_845:-:::::::* cpe:2.3:h:qualcomm:sdm429:-:::::::* cpe:2.3:h:qualcomm:sdm439:-:::::::* cpe:2.3:h:qualcomm:sdm630:-:::::::* cpe:2.3:h:qualcomm:sdm632:-:::::::* cpe:2.3:h:qualcomm:sdm636:-:::::::* cpe:2.3:h:qualcomm:sdm660:-:::::::* cpe:2.3:h:qualcomm:sdm710:-:::::::* cpe:2.3:h:qualcomm:snapdragon_high_med_2016:-:::::::* cpe:2.3:o:qualcomm:msm8909w_firmware:-:::::::* cpe:2.3:o:qualcomm:msm8996au_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_205_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_210_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_212_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_415_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_425_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_427_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_430_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_435_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_450_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_615_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_616_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_625_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_810_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_820_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_820a_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_835_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_845_firmware:-:::::::* cpe:2.3:o:qualcomm:sdm429_firmware:-:::::::* cpe:2.3:o:qualcomm:sdm439_firmware:-:::::::* cpe:2.3:o:qualcomm:sdm630_firmware:-:::::::* cpe:2.3:o:qualcomm:sdm632_firmware:-:::::::* cpe:2.3:o:qualcomm:sdm636_firmware:-:::::::* cpe:2.3:o:qualcomm:sdm660_firmware:-:::::::* cpe:2.3:o:qualcomm:sdm710_firmware:-:::::::* cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:::::::*
Vendors & Products		Qualcomm Qualcomm msm8909w Qualcomm msm8909w Firmware Qualcomm msm8996au Qualcomm msm8996au Firmware Qualcomm sd 205 Qualcomm sd 205 Firmware Qualcomm sd 210 Qualcomm sd 210 Firmware Qualcomm sd 212 Qualcomm sd 212 Firmware Qualcomm sd 415 Qualcomm sd 415 Firmware Qualcomm sd 425 Qualcomm sd 425 Firmware Qualcomm sd 427 Qualcomm sd 427 Firmware Qualcomm sd 430 Qualcomm sd 430 Firmware Qualcomm sd 435 Qualcomm sd 435 Firmware Qualcomm sd 450 Qualcomm sd 450 Firmware Qualcomm sd 615 Qualcomm sd 615 Firmware Qualcomm sd 616 Qualcomm sd 616 Firmware Qualcomm sd 625 Qualcomm sd 625 Firmware Qualcomm sd 810 Qualcomm sd 810 Firmware Qualcomm sd 820 Qualcomm sd 820 Firmware Qualcomm sd 820a Qualcomm sd 820a Firmware Qualcomm sd 835 Qualcomm sd 835 Firmware Qualcomm sd 845 Qualcomm sd 845 Firmware Qualcomm sdm429 Qualcomm sdm429 Firmware Qualcomm sdm439 Qualcomm sdm439 Firmware Qualcomm sdm630 Qualcomm sdm630 Firmware Qualcomm sdm632 Qualcomm sdm632 Firmware Qualcomm sdm636 Qualcomm sdm636 Firmware Qualcomm sdm660 Qualcomm sdm660 Firmware Qualcomm sdm710 Qualcomm sdm710 Firmware Qualcomm snapdragon High Med 2016 Qualcomm snapdragon High Med 2016 Firmware

Tue, 26 Nov 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 26 Nov 2024 09:15:00 +0000

Type	Values Removed	Values Added
Description		On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.
Title		Use of Out-of-range Pointer Offset in Video
Weaknesses		CWE-823
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-11-26T08:55:15.692Z

Updated: 2024-11-26T14:09:23.728Z

Reserved: 2017-07-07T00:00:00.000Z

Link: CVE-2017-11076

Vulnrichment

Updated: 2024-11-26T14:02:43.366Z

NVD

Status : Analyzed

Published: 2024-11-26T09:15:04.347

Modified: 2025-01-09T21:02:48.820

Link: CVE-2017-11076

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object