CVE-2017-18324

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon High Med 2016

Description A cryptographic key material leak has been identified in debug messages, specifically affecting the GERAN in Snapdragon mobile and Snapdragon wear.

Recommendations For versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon High Med 2016, consider disabling debug messages to prevent key material leakage until a patch is available. Restrict access to sensitive areas where debug messages may be exposed to minimize the risk of exploitation.