CVE-2017-18314

Q: What is the severity of CVE-2017-18314?

CVE-2017-18314 has a CVSS score of 9.8 (CRITICAL). This vulnerability affects Qualcomm Snapdragon chipsets where a TrustZone (TZ) cold boot clears a CNOC_QDSS RG0 register that was locked by xBL_SEC, potentially allowing privilege escalation. It impacts numerous Snapdragon-based devices including smartphones, wearables, and automotive systems. Attackers could exploit this to bypass security boundaries and gain elevated privileges.

9.8 CRITICAL

📋 TL;DR

This vulnerability affects Qualcomm Snapdragon chipsets where a TrustZone (TZ) cold boot clears a CNOC_QDSS RG0 register that was locked by xBL_SEC, potentially allowing privilege escalation. It impacts numerous Snapdragon-based devices including smartphones, wearables, and automotive systems. Attackers could exploit this to bypass security boundaries and gain elevated privileges.

💻 Affected Systems

Products:

Snapdragon MDM9206
MDM9607
MDM9635M
MDM9640
MDM9645
MDM9650
MDM9655
MSM8909W
MSM8996AU
SD 210/SD 212/SD 205
SD 410/12
SD 425
SD 427
SD 430
SD 435
SD 450
SD 615/16/SD 415
SD 617
SD 625
SD 650/52
SD 810
SD 820
SD 820A
SD 835
SDA660
SDM429
SDM439
SDM630
SDM632
SDM636
SDM660
Snapdragon_High_Med_2016

Versions: Specific firmware versions for affected chipsets

Operating Systems: Android-based systems using affected Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using the listed Snapdragon chipsets. The vulnerability is in Qualcomm's closed-source TrustZone implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary code with highest privileges, potentially gaining persistent access to sensitive data and hardware functions.

🟠

Likely Case

Privilege escalation allowing attackers to bypass security restrictions and access protected system resources or user data.

🟢

If Mitigated

Limited impact if device is properly patched and security features like verified boot are enabled and functioning correctly.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires physical access or ability to trigger cold boot, making remote exploitation unlikely without additional vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin September 2018 and later

Vendor Advisory: https://source.android.com/security/bulletin/2018-09-01

Restart Required: Yes

Instructions:

1. Check for Android security updates from device manufacturer. 2. Apply September 2018 or later security patch level. 3. Verify patch installation through device settings.

🔧 Temporary Workarounds

Physical Security Controls

all

Implement strict physical access controls to prevent attackers from gaining physical access to devices.

Device Encryption

android

Enable full device encryption to protect data even if device is compromised.

🧯 If You Can't Patch

Isolate affected devices from sensitive networks and data
Implement strict physical security controls and monitoring

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android security patch level. If before September 2018, device is likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level is September 2018 or later in device settings.

📡 Detection & Monitoring

Log Indicators:

Unexpected cold boot events
TrustZone initialization failures
Security boundary violation alerts

Network Indicators:

Unusual device behavior patterns
Anomalous privilege escalation attempts

SIEM Query:

Search for security patch level older than 2018-09-01 on Android devices

📊 Metadata

CVE ID: CVE-2017-18314

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: September 20, 2018

Last Updated: November 21, 2024

🔗 References

https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins Vendor Advisory
https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mdm9206 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9635m Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9645 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Mdm9655 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Sd205 Firmware by Qualcomm

Sd210 Firmware by Qualcomm

Sd212 Firmware by Qualcomm

Sd410 Firmware by Qualcomm

Sd412 Firmware by Qualcomm

Sd415 Firmware by Qualcomm

Sd425 Firmware by Qualcomm

Sd427 Firmware by Qualcomm

Sd430 Firmware by Qualcomm

Sd435 Firmware by Qualcomm

Sd450 Firmware by Qualcomm

Sd615 Firmware by Qualcomm

Sd616 Firmware by Qualcomm

Sd617 Firmware by Qualcomm

Sd625 Firmware by Qualcomm

Sd650 Firmware by Qualcomm

Sd652 Firmware by Qualcomm

Sd810 Firmware by Qualcomm

Sd820 Firmware by Qualcomm

Sd820a Firmware by Qualcomm

Sd835 Firmware by Qualcomm

Sda660 Firmware by Qualcomm

Sdm429 Firmware by Qualcomm

Sdm439 Firmware by Qualcomm

Sdm630 Firmware by Qualcomm

Sdm632 Firmware by Qualcomm

Sdm636 Firmware by Qualcomm

Sdm660 Firmware by Qualcomm