1. Home
  2. CVE Database
  3. CVE-2017-11076
CRITICAL · 9.8

CVE-2017-11076

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

Vulnerability Description

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommMsm8909W Firmware-
QualcommMsm8909W-
QualcommMsm8996Au Firmware-
QualcommMsm8996Au-
QualcommSd 210 Firmware-
QualcommSd 210-
QualcommSd 212 Firmware-
QualcommSd 212-
QualcommSd 205 Firmware-
QualcommSd 205-
QualcommSd 425 Firmware-
QualcommSd 425-
QualcommSd 427 Firmware-
QualcommSd 427-
QualcommSd 430 Firmware-
QualcommSd 430-
QualcommSd 435 Firmware-
QualcommSd 435-
QualcommSd 450 Firmware-
QualcommSd 450-

Related Weaknesses (CWE)

CWE-823CWE-119

References

FAQ

What is CVE-2017-11076?

CVE-2017-11076 is a vulnerability with a CVSS score of 9.8 (CRITICAL). On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

How severe is CVE-2017-11076?

CVE-2017-11076 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-11076?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Msm8909W Firmware, Qualcomm Msm8909W, Qualcomm Msm8996Au Firmware, Qualcomm Msm8996Au, Qualcomm Sd 210 Firmware.