1. Home
  2. CVE Database
  3. CVE-2017-18173
HIGH · 7.8

CVE-2017-18173

In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, ...

Vulnerability Description

In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommSd 425 Firmware-
QualcommSd 425-
QualcommSd 427 Firmware-
QualcommSd 427-
QualcommSd 430 Firmware-
QualcommSd 430-
QualcommSd 435 Firmware-
QualcommSd 435-
QualcommSd 450 Firmware-
QualcommSd 450-
QualcommSd 625 Firmware-
QualcommSd 625-
QualcommSd 810 Firmware-
QualcommSd 810-
QualcommSd 820 Firmware-
QualcommSd 820-
QualcommSd 835 Firmware-
QualcommSd 835-
QualcommSdm630 Firmware-
QualcommSdm630-

Related Weaknesses (CWE)

CWE-190

References

FAQ

What is CVE-2017-18173?

CVE-2017-18173 is a vulnerability with a CVSS score of 7.8 (HIGH). In case of using an invalid android verified boot signature with very large length, an integer underflow occurs in Snapdragon Mobile in SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, ...

How severe is CVE-2017-18173?

CVE-2017-18173 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-18173?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Sd 425 Firmware, Qualcomm Sd 425, Qualcomm Sd 427 Firmware, Qualcomm Sd 427, Qualcomm Sd 430 Firmware.