CVE-2017-18306 - Vulnerability Details

Information disclosure due to uninitialized variable.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Qualcomm	Sd 450 Sd 450 Firmware Sd 625 Sd 625 Firmware Sd 820 Sd 820 Firmware Sd 820a Sd 820a Firmware Sd 835 Sd 835 Firmware Sd 845 Sd 845 Firmware Sd 850 Sd 850 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

History

Thu, 09 Jan 2025 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm sd 450 Qualcomm sd 625 Qualcomm sd 820 Qualcomm sd 820a Qualcomm sd 835 Qualcomm sd 845 Qualcomm sd 850
Weaknesses		CWE-908
CPEs		cpe:2.3:h:qualcomm:sd_450:-:::::::* cpe:2.3:h:qualcomm:sd_625:-:::::::* cpe:2.3:h:qualcomm:sd_820:-:::::::* cpe:2.3:h:qualcomm:sd_820a:-:::::::* cpe:2.3:h:qualcomm:sd_835:-:::::::* cpe:2.3:h:qualcomm:sd_845:-:::::::* cpe:2.3:h:qualcomm:sd_850:-:::::::*
Vendors & Products		Qualcomm sd 450 Qualcomm sd 625 Qualcomm sd 820 Qualcomm sd 820a Qualcomm sd 835 Qualcomm sd 845 Qualcomm sd 850

Tue, 26 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm sd 450 Firmware Qualcomm sd 625 Firmware Qualcomm sd 820 Firmware Qualcomm sd 820a Firmware Qualcomm sd 835 Firmware Qualcomm sd 845 Firmware Qualcomm sd 850 Firmware
CPEs		cpe:2.3:o:qualcomm:sd_450_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_625_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_820_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_820a_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_835_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_845_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_850_firmware:-:::::::*
Vendors & Products		Qualcomm Qualcomm sd 450 Firmware Qualcomm sd 625 Firmware Qualcomm sd 820 Firmware Qualcomm sd 820a Firmware Qualcomm sd 835 Firmware Qualcomm sd 845 Firmware Qualcomm sd 850 Firmware
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 26 Nov 2024 14:15:00 +0000

Type	Values Removed	Values Added
Description		Information disclosure due to uninitialized variable.
Title		Information Exposure in Camera Driver
Weaknesses		CWE-200
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html
Metrics		cvssV3_1 `{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-11-26T13:56:21.839Z

Updated: 2024-11-26T15:57:56.603Z

Reserved: 2018-06-15T00:00:00.000Z

Link: CVE-2017-18306

Vulnrichment

Updated: 2024-11-26T14:49:04.173Z

NVD

Status : Analyzed

Published: 2024-11-26T14:15:17.430

Modified: 2025-01-09T20:16:22.950

Link: CVE-2017-18306

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object