CVE-2017-9711 - Vulnerability Details

Certain unprivileged processes are able to perform IOCTL calls.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`MDM9206`	affected	—
`MDM9607`	affected	—
`MDM9640`	affected	—
`MDM9650`	affected	—
`MSM8909W`	affected	—
`SD 210/SD 212/SD 205`	affected	—
`SD 425`	affected	—
`SD 430`	affected	—
`SD 450`	affected	—
`SD 615/16/SD 415`	affected	—
`SD 617`	affected	—
`SD 625`	affected	—
`SD 650/52`	affected	—
`SD 810`	affected	—
`SD 820`	affected	—
`SD 820A`	affected	—
`SD 835`	affected	—
`SD 845`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Qualcomm Subscribe	Mdm9206 Subscribe Mdm9206 Firmware Subscribe Mdm9607 Subscribe Mdm9607 Firmware Subscribe Mdm9640 Subscribe Mdm9640 Firmware Subscribe Mdm9650 Subscribe Mdm9650 Firmware Subscribe Msm8909w Subscribe Msm8909w Firmware Subscribe Sd 205 Subscribe Sd 205 Firmware Subscribe Sd 210 Subscribe Sd 210 Firmware Subscribe Sd 212 Subscribe Sd 212 Firmware Subscribe Sd 415 Subscribe Sd 415 Firmware Subscribe Sd 425 Subscribe Sd 425 Firmware Subscribe Sd 430 Subscribe Sd 430 Firmware Subscribe Sd 450 Subscribe Sd 450 Firmware Subscribe Sd 615 Subscribe Sd 615 Firmware Subscribe Sd 616 Subscribe Sd 616 Firmware Subscribe Sd 617 Subscribe Sd 617 Firmware Subscribe Sd 625 Subscribe Sd 625 Firmware Subscribe Sd 650 Subscribe Sd 650 Firmware Subscribe Sd 652 Subscribe Sd 652 Firmware Subscribe Sd 810 Subscribe Sd 810 Firmware Subscribe Sd 820 Subscribe Sd 820 Firmware Subscribe Sd 820a Subscribe Sd 820a Firmware Subscribe Sd 835 Subscribe Sd 835 Firmware Subscribe Sd 845 Subscribe Sd 845 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2017-18642	Certain unprivileged processes are able to perform IOCTL calls.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

History

Mon, 25 Nov 2024 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm mdm9206 Qualcomm mdm9607 Qualcomm mdm9640 Qualcomm mdm9650 Qualcomm msm8909w Qualcomm sd 205 Qualcomm sd 205 Firmware Qualcomm sd 210 Qualcomm sd 210 Firmware Qualcomm sd 212 Qualcomm sd 212 Firmware Qualcomm sd 415 Qualcomm sd 415 Firmware Qualcomm sd 425 Qualcomm sd 430 Qualcomm sd 450 Qualcomm sd 615 Qualcomm sd 615 Firmware Qualcomm sd 616 Qualcomm sd 616 Firmware Qualcomm sd 617 Qualcomm sd 625 Qualcomm sd 650 Qualcomm sd 650 Firmware Qualcomm sd 652 Qualcomm sd 652 Firmware Qualcomm sd 810 Qualcomm sd 820 Qualcomm sd 820a Qualcomm sd 835 Qualcomm sd 845
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:qualcomm:mdm9206:-:::::::* cpe:2.3:h:qualcomm:mdm9607:-:::::::* cpe:2.3:h:qualcomm:mdm9640:-:::::::* cpe:2.3:h:qualcomm:mdm9650:-:::::::* cpe:2.3:h:qualcomm:msm8909w:-:::::::* cpe:2.3:h:qualcomm:sd_205:-:::::::* cpe:2.3:h:qualcomm:sd_210:-:::::::* cpe:2.3:h:qualcomm:sd_212:-:::::::* cpe:2.3:h:qualcomm:sd_415:-:::::::* cpe:2.3:h:qualcomm:sd_425:-:::::::* cpe:2.3:h:qualcomm:sd_430:-:::::::* cpe:2.3:h:qualcomm:sd_450:-:::::::* cpe:2.3:h:qualcomm:sd_615:-:::::::* cpe:2.3:h:qualcomm:sd_616:-:::::::* cpe:2.3:h:qualcomm:sd_617:-:::::::* cpe:2.3:h:qualcomm:sd_625:-:::::::* cpe:2.3:h:qualcomm:sd_650:-:::::::* cpe:2.3:h:qualcomm:sd_652:-:::::::* cpe:2.3:h:qualcomm:sd_810:-:::::::* cpe:2.3:h:qualcomm:sd_820:-:::::::* cpe:2.3:h:qualcomm:sd_820a:-:::::::* cpe:2.3:h:qualcomm:sd_835:-:::::::* cpe:2.3:h:qualcomm:sd_845:-:::::::* cpe:2.3:o:qualcomm:sd_205_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_210_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_212_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_415_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_615_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_616_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_650_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_652_firmware:-:::::::*
Vendors & Products		Qualcomm mdm9206 Qualcomm mdm9607 Qualcomm mdm9640 Qualcomm mdm9650 Qualcomm msm8909w Qualcomm sd 205 Qualcomm sd 205 Firmware Qualcomm sd 210 Qualcomm sd 210 Firmware Qualcomm sd 212 Qualcomm sd 212 Firmware Qualcomm sd 415 Qualcomm sd 415 Firmware Qualcomm sd 425 Qualcomm sd 430 Qualcomm sd 450 Qualcomm sd 615 Qualcomm sd 615 Firmware Qualcomm sd 616 Qualcomm sd 616 Firmware Qualcomm sd 617 Qualcomm sd 625 Qualcomm sd 650 Qualcomm sd 650 Firmware Qualcomm sd 652 Qualcomm sd 652 Firmware Qualcomm sd 810 Qualcomm sd 820 Qualcomm sd 820a Qualcomm sd 835 Qualcomm sd 845

Fri, 22 Nov 2024 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm mdm9206 Firmware Qualcomm mdm9607 Firmware Qualcomm mdm9640 Firmware Qualcomm mdm9650 Firmware Qualcomm msm8909w Firmware Qualcomm sd 425 Firmware Qualcomm sd 430 Firmware Qualcomm sd 450 Firmware Qualcomm sd 617 Firmware Qualcomm sd 625 Firmware Qualcomm sd 810 Firmware Qualcomm sd 820 Firmware Qualcomm sd 820a Firmware Qualcomm sd 835 Firmware Qualcomm sd 845 Firmware
CPEs		cpe:2.3:o:qualcomm:mdm9206_firmware:-:::::::* cpe:2.3:o:qualcomm:mdm9607_firmware:-:::::::* cpe:2.3:o:qualcomm:mdm9640_firmware:-:::::::* cpe:2.3:o:qualcomm:mdm9650_firmware:-:::::::* cpe:2.3:o:qualcomm:msm8909w_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_425_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_430_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_450_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_617_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_625_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_810_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_820_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_820a_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_835_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_845_firmware:-:::::::*
Vendors & Products		Qualcomm Qualcomm mdm9206 Firmware Qualcomm mdm9607 Firmware Qualcomm mdm9640 Firmware Qualcomm mdm9650 Firmware Qualcomm msm8909w Firmware Qualcomm sd 425 Firmware Qualcomm sd 430 Firmware Qualcomm sd 450 Firmware Qualcomm sd 617 Firmware Qualcomm sd 625 Firmware Qualcomm sd 810 Firmware Qualcomm sd 820 Firmware Qualcomm sd 820a Firmware Qualcomm sd 835 Firmware Qualcomm sd 845 Firmware
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 22 Nov 2024 09:30:00 +0000

Type	Values Removed	Values Added
Description		Certain unprivileged processes are able to perform IOCTL calls.
Title		Permissions, Privileges, and Access Controls in Data
Weaknesses		CWE-264
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html
Metrics		cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-11-22T09:09:10.630Z

Updated: 2024-11-22T11:40:06.357Z

Reserved: 2017-06-15T00:00:00.000Z

Link: CVE-2017-9711

Vulnrichment

Updated: 2024-11-22T11:29:57.007Z

NVD

Status : Analyzed

Published: 2024-11-22T10:15:03.387

Modified: 2024-11-25T19:10:02.253

Link: CVE-2017-9711

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object