CVE-2017-9711

Nov. 25, 2024, 7:10 p.m.

6.7
Medium

Description

Certain unprivileged processes are able to perform IOCTL calls.

Product(s) Impacted

Vendor Product Versions
Qualcomm
  • Mdm9206 Firmware
  • Mdm9206
  • Mdm9607 Firmware
  • Mdm9607
  • Mdm9640 Firmware
  • Mdm9640
  • Mdm9650 Firmware
  • Mdm9650
  • Msm8909w Firmware
  • Msm8909w
  • Sd 210 Firmware
  • Sd 210
  • Sd 212 Firmware
  • Sd 212
  • Sd 205 Firmware
  • Sd 205
  • Sd 425 Firmware
  • Sd 425
  • Sd 430 Firmware
  • Sd 430
  • Sd 450 Firmware
  • Sd 450
  • Sd 615 Firmware
  • Sd 615
  • Sd 616 Firmware
  • Sd 616
  • Sd 415 Firmware
  • Sd 415
  • Sd 617 Firmware
  • Sd 617
  • Sd 625 Firmware
  • Sd 625
  • Sd 650 Firmware
  • Sd 650
  • Sd 652 Firmware
  • Sd 652
  • Sd 810 Firmware
  • Sd 810
  • Sd 820 Firmware
  • Sd 820
  • Sd 820a Firmware
  • Sd 820a
  • Sd 835 Firmware
  • Sd 835
  • Sd 845 Firmware
  • Sd 845
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-264
None
None

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o qualcomm mdm9206_firmware - / / / / / / /
h qualcomm mdm9206 - / / / / / / /
o qualcomm mdm9607_firmware - / / / / / / /
h qualcomm mdm9607 - / / / / / / /
o qualcomm mdm9640_firmware - / / / / / / /
h qualcomm mdm9640 - / / / / / / /
o qualcomm mdm9650_firmware - / / / / / / /
h qualcomm mdm9650 - / / / / / / /
o qualcomm msm8909w_firmware - / / / / / / /
h qualcomm msm8909w - / / / / / / /
o qualcomm sd_210_firmware - / / / / / / /
h qualcomm sd_210 - / / / / / / /
o qualcomm sd_212_firmware - / / / / / / /
h qualcomm sd_212 - / / / / / / /
o qualcomm sd_205_firmware - / / / / / / /
h qualcomm sd_205 - / / / / / / /
o qualcomm sd_425_firmware - / / / / / / /
h qualcomm sd_425 - / / / / / / /
o qualcomm sd_430_firmware - / / / / / / /
h qualcomm sd_430 - / / / / / / /
o qualcomm sd_450_firmware - / / / / / / /
h qualcomm sd_450 - / / / / / / /
o qualcomm sd_615_firmware - / / / / / / /
h qualcomm sd_615 - / / / / / / /
o qualcomm sd_616_firmware - / / / / / / /
h qualcomm sd_616 - / / / / / / /
o qualcomm sd_415_firmware - / / / / / / /
h qualcomm sd_415 - / / / / / / /
o qualcomm sd_617_firmware - / / / / / / /
h qualcomm sd_617 - / / / / / / /
o qualcomm sd_625_firmware - / / / / / / /
h qualcomm sd_625 - / / / / / / /
o qualcomm sd_650_firmware - / / / / / / /
h qualcomm sd_650 - / / / / / / /
o qualcomm sd_652_firmware - / / / / / / /
h qualcomm sd_652 - / / / / / / /
o qualcomm sd_810_firmware - / / / / / / /
h qualcomm sd_810 - / / / / / / /
o qualcomm sd_820_firmware - / / / / / / /
h qualcomm sd_820 - / / / / / / /
o qualcomm sd_820a_firmware - / / / / / / /
h qualcomm sd_820a - / / / / / / /
o qualcomm sd_835_firmware - / / / / / / /
h qualcomm sd_835 - / / / / / / /
o qualcomm sd_845_firmware - / / / / / / /
h qualcomm sd_845 - / / / / / / /

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

Tags

product-security@qualcomm.com
CWE-264
NVD-CWE-noinfo
2024-11-22
CVE-2017-9711

CVSS Score

6.7 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Nov. 22, 2024, 10:15 a.m.
Last Modified: Nov. 25, 2024, 7:10 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@qualcomm.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.