cve/2017/CVE-2017-18292.md

### [CVE-2017-18292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18292)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Automobile%2C%20Snapdragon%20Mobile%2C%20Snapdragon%20Wear&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Lack%20of%20Input%20Validation%20May%20Lead%20to%20System%20Reset&color=brighgreen)

### Description

Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.

### POC

#### Reference
- https://www.qualcomm.com/company/product-security/bulletins

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2017-18292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18292)`
			`![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Automobile%2C%20Snapdragon%20Mobile%2C%20Snapdragon%20Wear&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Lack%20of%20Input%20Validation%20May%20Lead%20to%20System%20Reset&color=brighgreen)`

			`### Description`

			`Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A.`

			`### POC`

			`#### Reference`
			`- https://www.qualcomm.com/company/product-security/bulletins`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`