CVE-2017-18292

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A

Description: A secure app running in a non-secure space can potentially restart the TrustZone (TZ) by repeatedly calling the Widevine app API in Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear. This issue may be related to the interaction between secure and non-secure environments within the Snapdragon system.

Recommendations: For Qualcomm Snapdragon versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, consider restricting access to the Widevine app API to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.