CVE-2017-18294

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20

Description: A buffer overread may occur when reading file class type from the ELF header in certain Qualcomm Snapdragon versions, specifically if the ELF file size is less than the size of the ELF64 header size. This issue affects various Qualcomm Snapdragon products, including Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear.

Recommendations: For versions FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20, consider implementing checks to ensure the ELF file size is valid before processing it to prevent buffer overread. At the moment, there is no information about a newer version that contains a fix for this vulnerability.