CVE-2017-17773

Q: What is the severity of CVE-2017-17773?

CVE-2017-17773 has a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in Qualcomm Snapdragon chipsets allows attackers to execute arbitrary code by sending specially crafted video files. This affects millions of automotive, wearable, and mobile devices using vulnerable Snapdragon processors.

9.8 CRITICAL

Remote Code Execution Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in Qualcomm Snapdragon chipsets allows attackers to execute arbitrary code by sending specially crafted video files. This affects millions of automotive, wearable, and mobile devices using vulnerable Snapdragon processors.

💻 Affected Systems

Products:

Snapdragon Automobile
Snapdragon Wearable
Snapdragon Mobile MDM9206
MDM9607
MDM9650
SD 210/SD 212/SD 205
SD 400
SD 410/12
SD 425
SD 430
SD 450
SD 600
SD 602A
SD 615/16/SD 415
SD 617
SD 625
SD 650/52
SD 800
SD 808
SD 810
SD 820
SD 820Am
SD 835
SD 845
MSM8909W

Versions: All versions before March 2018 security patches

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm video processing libraries. Requires video file parsing to trigger.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Application crash leading to denial of service, or limited code execution within the video processing context.

🟢

If Mitigated

Application crash without code execution if ASLR/DEP protections are effective, but still causes service disruption.

🌐 Internet-Facing: HIGH - Attackers can exploit via malicious video files delivered through web, email, or messaging apps.

🏢 Internal Only: MEDIUM - Requires user interaction to open malicious files, but internal threats could target specific users.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting malicious MP4 video files. No public exploit code available, but vulnerability is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level March 2018 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-03-01

Restart Required: Yes

Instructions:

1. Check for Android security updates. 2. Apply March 2018 or later security patch. 3. Reboot device. 4. Verify patch level in Settings > About phone > Android security patch level.

🔧 Temporary Workarounds

Disable automatic video processing

android

Prevent automatic parsing of video files in vulnerable applications

Use alternative video players

android

Install video players with different codec libraries not affected by this vulnerability

🧯 If You Can't Patch

Isolate affected devices from untrusted networks
Implement application whitelisting to prevent execution of unknown video files

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone. If before March 2018, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows March 2018 or later date.

📡 Detection & Monitoring

Log Indicators:

Video processing service crashes
Kernel panic logs related to video_fmt_mp4r
Memory corruption errors in system logs

Network Indicators:

Unusual video file downloads to affected devices
Network traffic patterns showing video file delivery to multiple devices

SIEM Query:

source="android_logs" AND ("video_fmt_mp4r" OR "avc1" OR "MP4 parsing error")

📊 Metadata

CVE ID: CVE-2017-17773

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: March 15, 2018

Last Updated: November 21, 2024

🔗 References

http://www.securityfocus.com/bid/103292 Third Party Advisory,VDB Entry
https://source.android.com/security/bulletin/2018-03-01 Third Party Advisory
http://www.securityfocus.com/bid/103292 Third Party Advisory,VDB Entry
https://source.android.com/security/bulletin/2018-03-01 Third Party Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mdm9206 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

S820am Firmware by Qualcomm

Sd 205 Firmware by Qualcomm

Sd 210 Firmware by Qualcomm

Sd 212 Firmware by Qualcomm

Sd 400 Firmware by Qualcomm

Sd 410 Firmware by Qualcomm

Sd 412 Firmware by Qualcomm

Sd 415 Firmware by Qualcomm

Sd 425 Firmware by Qualcomm

Sd 430 Firmware by Qualcomm

Sd 450 Firmware by Qualcomm

Sd 600 Firmware by Qualcomm

Sd 602a Firmware by Qualcomm

Sd 615 Firmware by Qualcomm

Sd 616 Firmware by Qualcomm

Sd 617 Firmware by Qualcomm

Sd 625 Firmware by Qualcomm

Sd 650 Firmware by Qualcomm

Sd 652 Firmware by Qualcomm

Sd 800 Firmware by Qualcomm

Sd 808 Firmware by Qualcomm

Sd 810 Firmware by Qualcomm

Sd 820 Firmware by Qualcomm

Sd 835 Firmware by Qualcomm

Sd 845 Firmware by Qualcomm