CVE-2017-18280

Name of the Vulnerable Software and Affected Versions: Snapdragon (Automobile, Mobile, Wear) versions MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon High Med 2016

Description: The issue allows another Trusted Application to read data on an open SPI/I2C interface by calling the SPI/I2C read function, after a Trusted Application has opened the interface to a particular device.

Recommendations: For Snapdragon (Automobile, Mobile, Wear) versions MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon High Med 2016, consider restricting access to the SPI/I2C interface to prevent unauthorized data reading. At the moment, there is no information about a newer version that contains a fix for this vulnerability.