Vulnerability Description
In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9635M Firmware | - |
| Qualcomm | Mdm9635M | - |
| Qualcomm | Sd 400 Firmware | - |
| Qualcomm | Sd 400 | - |
| Qualcomm | Sd 410 Firmware | - |
| Qualcomm | Sd 410 | - |
| Qualcomm | Sd 412 Firmware | - |
| Qualcomm | Sd 412 | - |
| Qualcomm | Sd 425 Firmware | - |
| Qualcomm | Sd 425 | - |
| Qualcomm | Sd 427 Firmware | - |
| Qualcomm | Sd 427 | - |
| Qualcomm | Sd 430 Firmware | - |
| Qualcomm | Sd 430 | - |
| Qualcomm | Sd 435 Firmware | - |
| Qualcomm | Sd 435 | - |
| Qualcomm | Sd 450 Firmware | - |
| Qualcomm | Sd 450 | - |
| Qualcomm | Sd 615 Firmware | - |
| Qualcomm | Sd 615 | - |
Related Weaknesses (CWE)
References
- https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-cVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
- https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-cVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
FAQ
What is CVE-2017-18172?
CVE-2017-18172 is a vulnerability with a CVSS score of 7.8 (HIGH). In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapd...
How severe is CVE-2017-18172?
CVE-2017-18172 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-18172?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9635M Firmware, Qualcomm Mdm9635M, Qualcomm Sd 400 Firmware, Qualcomm Sd 400, Qualcomm Sd 410 Firmware.