CVE-2017-17772 - Vulnerability Details

In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00153.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`SD 450`	affected	—
`SD 625`	affected	—
`SD 820`	affected	—
`SD 820A`	affected	—
`SD 835`	affected	—
`SD 845`	affected	—
`SD 850`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Qualcomm Subscribe	Sd 450 Subscribe Sd 450 Firmware Subscribe Sd 625 Subscribe Sd 625 Firmware Subscribe Sd 820 Subscribe Sd 820 Firmware Subscribe Sd 820a Subscribe Sd 820a Firmware Subscribe Sd 835 Subscribe Sd 835 Firmware Subscribe Sd 845 Subscribe Sd 845 Firmware Subscribe Sd 850 Subscribe Sd 850 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2017-8923	In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

History

Thu, 09 Jan 2025 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm sd 450 Qualcomm sd 450 Firmware Qualcomm sd 625 Qualcomm sd 625 Firmware Qualcomm sd 820 Qualcomm sd 820 Firmware Qualcomm sd 820a Qualcomm sd 820a Firmware Qualcomm sd 835 Qualcomm sd 835 Firmware Qualcomm sd 845 Qualcomm sd 845 Firmware Qualcomm sd 850 Qualcomm sd 850 Firmware
Weaknesses		CWE-125
CPEs		cpe:2.3:h:qualcomm:sd_450:-:::::::* cpe:2.3:h:qualcomm:sd_625:-:::::::* cpe:2.3:h:qualcomm:sd_820:-:::::::* cpe:2.3:h:qualcomm:sd_820a:-:::::::* cpe:2.3:h:qualcomm:sd_835:-:::::::* cpe:2.3:h:qualcomm:sd_845:-:::::::* cpe:2.3:h:qualcomm:sd_850:-:::::::* cpe:2.3:o:qualcomm:sd_450_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_625_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_820_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_820a_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_835_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_845_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_850_firmware:-:::::::*
Vendors & Products		Qualcomm Qualcomm sd 450 Qualcomm sd 450 Firmware Qualcomm sd 625 Qualcomm sd 625 Firmware Qualcomm sd 820 Qualcomm sd 820 Firmware Qualcomm sd 820a Qualcomm sd 820a Firmware Qualcomm sd 835 Qualcomm sd 835 Firmware Qualcomm sd 845 Qualcomm sd 845 Firmware Qualcomm sd 850 Qualcomm sd 850 Firmware

Tue, 26 Nov 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 26 Nov 2024 09:15:00 +0000

Type	Values Removed	Values Added
Description		In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.
Title		Multiple buffer overread vulnerabilities in WLAN
Weaknesses		CWE-126
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-11-26T08:55:18.024Z

Updated: 2024-11-26T14:09:23.431Z

Reserved: 2017-12-19T00:00:00.000Z

Link: CVE-2017-17772

Vulnrichment

Updated: 2024-11-26T14:02:30.995Z

NVD

Status : Analyzed

Published: 2024-11-26T09:15:04.640

Modified: 2025-01-09T21:01:09.953

Link: CVE-2017-17772

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object