CVE-2017-18305

Name of the Vulnerable Software and Affected Versions: Snapdragon Mobile versions MDM9206, MDM9607, MDM9650 Snapdragon Wear versions MDM9206, MDM9607, MDM9650 Snapdragon Mobile versions SD 210, SD 212, SD 205 Snapdragon Mobile versions SD 835

Description: The issue allows for complete control of EL3 by unlocking all XPUs if the enable fuse is not blown, potentially leading to a security breach. This is related to the XBL sec mem dump system call in Snapdragon Mobile and Snapdragon Wear.

Recommendations: For Snapdragon Mobile version MDM9206, ensure the enable fuse is blown to prevent exploitation. For Snapdragon Mobile version MDM9607, ensure the enable fuse is blown to prevent exploitation. For Snapdragon Mobile version MDM9650, ensure the enable fuse is blown to prevent exploitation. For Snapdragon Wear version MDM9206, ensure the enable fuse is blown to prevent exploitation. For Snapdragon Wear version MDM9607, ensure the enable fuse is blown to prevent exploitation. For Snapdragon Wear version MDM9650, ensure the enable fuse is blown to prevent exploitation. For Snapdragon Mobile version SD 210, ensure the enable fuse is blown to prevent exploitation. For Snapdragon Mobile version SD 212, ensure the enable fuse is blown to prevent exploitation. For Snapdragon Mobile version SD 205, ensure the enable fuse is blown to prevent exploitation. For Snapdragon Mobile version SD 835, ensure the enable fuse is blown to prevent exploitation.