Vulnerability Description
Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Qca9379 Firmware | - |
| Qualcomm | Qca9379 | - |
| Qualcomm | Sd 210 Firmware | - |
| Qualcomm | Sd 210 | - |
| Qualcomm | Sd 212 Firmware | - |
| Qualcomm | Sd 212 | - |
| Qualcomm | Sd 205 Firmware | - |
| Qualcomm | Sd 205 | - |
| Qualcomm | Sd 410 Firmware | - |
| Qualcomm | Sd 410 | - |
| Qualcomm | Sd 412 Firmware | - |
| Qualcomm | Sd 412 | - |
| Qualcomm | Sd 425 Firmware | - |
| Qualcomm | Sd 425 | - |
| Qualcomm | Sd 427 Firmware | - |
| Qualcomm | Sd 427 | - |
| Qualcomm | Sd 430 Firmware | - |
| Qualcomm | Sd 430 | - |
| Qualcomm | Sd 435 Firmware | - |
| Qualcomm | Sd 435 | - |
Related Weaknesses (CWE)
References
- https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-cVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
- https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-cVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
FAQ
What is CVE-2017-18171?
CVE-2017-18171 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12...
How severe is CVE-2017-18171?
CVE-2017-18171 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-18171?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Qca9379 Firmware, Qualcomm Qca9379, Qualcomm Sd 210 Firmware, Qualcomm Sd 210, Qualcomm Sd 212 Firmware.