What is CVE-2017-18294?

CVE-2017-18294 is a high-severity vulnerability in Qualcomm Fsm9055, classified under Out-of-bounds Read. CVSS score: 7.8/10. Published 2018-10-23.

How severe is CVE-2017-18294?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2017-18294 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Out-of-bounds Read in Qualcomm Fsm9055

CVE-2017-18294

While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MD…

Vulnerability class: Buffer Overflow

EPSS: 0.003 (17.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

product-security@qualcomm.com (x_refsource_CONFIRM, Vendor Advisory)
product-security@qualcomm.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
product-security@qualcomm.com (x_refsource_CONFIRM, Third Party Advisory)

Frequently asked questions

What is CVE-2017-18294?: CVE-2017-18294 is a high-severity vulnerability in Qualcomm Fsm9055, classified under Out-of-bounds Read. CVSS score: 7.8/10. Published 2018-10-23.
How severe is CVE-2017-18294?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2017-18294 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.