CVE-2017-18279

Q: What is the severity of CVE-2017-18279?

CVE-2017-18279 has a CVSS score of 7.8 (HIGH). A buffer overflow vulnerability in the camera module of Qualcomm Snapdragon chipsets allows attackers to execute arbitrary code or cause denial of service. This affects numerous mobile, wearable, and small cell devices using vulnerable Snapdragon processors. The vulnerability stems from insufficient buffer length validation before memory copy operations.

7.8 HIGH

Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in the camera module of Qualcomm Snapdragon chipsets allows attackers to execute arbitrary code or cause denial of service. This affects numerous mobile, wearable, and small cell devices using vulnerable Snapdragon processors. The vulnerability stems from insufficient buffer length validation before memory copy operations.

💻 Affected Systems

Products:

FSM9055
FSM9955
IPQ4019
IPQ8064
MDM9206
MDM9607
MDM9640
MDM9650
MSM8909W
MSM8996AU
QCA9531
QCA9558
QCA9563
QCA9880
QCA9886
QCA9980
SD 210/SD 212/SD 205
SD 425
SD 427
SD 430
SD 435
SD 450
SD 615/16/SD 415
SD 625
SD 650/52
SD 800
SD 810
SD 820
SD 835
SDM630
SDM636
SDM660
SDX20
Snapdragon_High_Med_2016

Versions: All versions before vendor patches

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Snapdragon chipsets with camera functionality enabled. The vulnerability is in the hardware/firmware layer.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions on already compromised devices.

🟢

If Mitigated

Denial of service through application crashes if exploit attempts are blocked by security controls.

🌐 Internet-Facing: MEDIUM - Requires camera access which typically needs local or app-level permissions, but could be exploited via malicious apps.

🏢 Internal Only: HIGH - Malicious apps with camera permissions can exploit this locally to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires camera access permissions. No public exploit code is known, but buffer overflow vulnerabilities in hardware components are attractive targets for sophisticated attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vendor-specific firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM update channels. 3. Reboot device after update installation. 4. Verify patch application through version checks.

🔧 Temporary Workarounds

Restrict camera permissions

android

Limit camera access to trusted applications only to reduce attack surface

adb shell pm revoke <package_name> android.permission.CAMERA

Disable unnecessary camera services

android

Disable camera functionality on devices where it's not required

adb shell pm disable com.android.camera2
adb shell pm disable com.qualcomm.camera

🧯 If You Can't Patch

Isolate affected devices on segmented networks with strict access controls
Implement application allowlisting to prevent unauthorized camera access

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's advisory. Use 'adb shell getprop ro.boot.hardware' to identify chipset.

Check Version:

adb shell getprop ro.build.fingerprint && adb shell getprop ro.boot.hardware

Verify Fix Applied:

Verify firmware version has been updated to post-patch release. Check with device manufacturer for specific patch verification procedures.

📡 Detection & Monitoring

Log Indicators:

Camera service crashes
Kernel panic logs
Permission escalation attempts in system logs

Network Indicators:

Unusual camera activation patterns
Suspicious inter-process communication to camera services

SIEM Query:

source="android_system" AND ("camera" AND ("crash" OR "overflow" OR "segfault"))

📊 Metadata

CVE ID: CVE-2017-18279

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-190

Published: May 6, 2019

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fsm9055 Firmware by Qualcomm

Fsm9955 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Mdm9206 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qca9531 Firmware by Qualcomm

Qca9558 Firmware by Qualcomm

Qca9563 Firmware by Qualcomm

Qca9880 Firmware by Qualcomm

Qca9886 Firmware by Qualcomm

Qca9980 Firmware by Qualcomm

Sd 205 Firmware by Qualcomm

Sd 210 Firmware by Qualcomm

Sd 212 Firmware by Qualcomm

Sd 415 Firmware by Qualcomm

Sd 425 Firmware by Qualcomm

Sd 427 Firmware by Qualcomm

Sd 430 Firmware by Qualcomm

Sd 435 Firmware by Qualcomm

Sd 450 Firmware by Qualcomm

Sd 615 Firmware by Qualcomm

Sd 616 Firmware by Qualcomm

Sd 625 Firmware by Qualcomm

Sd 650 Firmware by Qualcomm

Sd 652 Firmware by Qualcomm

Sd 800 Firmware by Qualcomm

Sd 810 Firmware by Qualcomm

Sd 820 Firmware by Qualcomm

Sd 835 Firmware by Qualcomm

Sdm630 Firmware by Qualcomm

Sdm636 Firmware by Qualcomm

Sdm660 Firmware by Qualcomm

Sdx20 Firmware by Qualcomm

Snapdragon High Med 2016 Firmware by Qualcomm