While processing camera buffers in camera driver, a use after free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 625, SD 820, SD 820A, SD 835, SDX20.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Qualcomm
  • Mdm9206
  • Mdm9206 Firmware
  • Mdm9607
  • Mdm9607 Firmware
  • Mdm9650
  • Mdm9650 Firmware
  • Msm8996au
  • Msm8996au Firmware
  • Sd 205
  • Sd 205 Firmware
  • Sd 210
  • Sd 210 Firmware
  • Sd 212
  • Sd 212 Firmware
  • Sd 625
  • Sd 625 Firmware
  • Sd 820
  • Sd 820 Firmware
  • Sd 820a
  • Sd 820a Firmware
  • Sd 835
  • Sd 835 Firmware
  • Sdx20
  • Sdx20 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

No data.

References
Link Providers
https://www.qualcomm.com/company/product-security/bulletins cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2019-05-06T22:28:03

Updated: 2024-08-05T21:13:48.897Z

Reserved: 2018-02-05T00:00:00

Link: CVE-2017-18156

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-05-06T23:29:00.360

Modified: 2024-11-21T03:19:27.807

Link: CVE-2017-18156

cve-icon Redhat

No data.