Integer Underflow Vulnerability in Snapdragon Mobile Platforms by Qualcomm
CVE-2017-18173

7.8HIGH

Key Information:

Vendor: Qualcomm Technologies, Inc.
Status: Snapdragon Mobile
Vendor: CVE Published:; 6 May 2019

🔔 Create Qualcomm Technologies, Inc. Vulnerability Alert

What is CVE-2017-18173?

A critical integer underflow vulnerability exists in the Qualcomm Snapdragon mobile platforms when handling an invalid Android verified boot signature of excessively large length. This flaw affects a range of Snapdragon processors, including SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 810, SD 820, SD 835, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016. Exploitation of this vulnerability could lead to significant security risks, including unauthorized access or manipulation of system functionality.

Affected Version(s)

Snapdragon Mobile SD 425

Snapdragon Mobile SD 427

Snapdragon Mobile SD 430

References

https://www.qualcomm.com/company/product-security/bulletins

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2019
Vulnerability Reserved
Feb 5, 2018