CVE-2017-18312

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Automobile versions MSM8996AU Qualcomm Snapdragon Mobile versions SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A

Description: The issue allows a third-party to manipulate a device and perform unauthorized operations due to the lack of checking of same state transitions while accessing SafeSwitch services.

Recommendations: For Qualcomm Snapdragon Automobile version MSM8996AU, update the software to include proper state transition checks to prevent unauthorized access. For Qualcomm Snapdragon Mobile versions SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A, apply configuration changes to restrict unauthorized operations until a patch is available. As a temporary workaround, consider restricting access to SafeSwitch services until the issue is resolved.