cve/2017/CVE-2017-18305.md

### [CVE-2017-18305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18305)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Mobile%2C%20Snapdragon%20Wear&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control%20in%20Core&color=brighgreen)

### Description

XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.

### POC

#### Reference
- https://www.qualcomm.com/company/product-security/bulletins

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2017-18305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18305)`
			`![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Mobile%2C%20Snapdragon%20Wear&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control%20in%20Core&color=brighgreen)`

			`### Description`

			`XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.`

			`### POC`

			`#### Reference`
			`- https://www.qualcomm.com/company/product-security/bulletins`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`