Vulnerability Description
XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Mdm9635M Firmware | - |
| Qualcomm | Mdm9635M | - |
| Qualcomm | Mdm9640 Firmware | - |
| Qualcomm | Mdm9640 | - |
| Qualcomm | Mdm9645 Firmware | - |
| Qualcomm | Mdm9645 | - |
| Qualcomm | Mdm9650 Firmware | - |
| Qualcomm | Mdm9650 | - |
| Qualcomm | Mdm9655 Firmware | - |
| Qualcomm | Mdm9655 | - |
| Qualcomm | Msm8909W Firmware | - |
| Qualcomm | Msm8909W | - |
| Qualcomm | Msm8996Au Firmware | - |
| Qualcomm | Msm8996Au | - |
| Qualcomm | Sd 210 Firmware | - |
| Qualcomm | Sd 210 | - |
| Qualcomm | Sd 212 Firmware | - |
| Qualcomm | Sd 212 | - |
References
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
FAQ
What is CVE-2017-18311?
CVE-2017-18311 is a vulnerability with a CVSS score of 7.8 (HIGH). XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snap...
How severe is CVE-2017-18311?
CVE-2017-18311 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-18311?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9607 Firmware, Qualcomm Mdm9607, Qualcomm Mdm9635M Firmware, Qualcomm Mdm9635M, Qualcomm Mdm9640 Firmware.