CVE-2017-18323

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.

Description A cryptographic key material leak was discovered in TDSCDMA RRC debug messages in Qualcomm Snapdragon automobile, mobile, and wear products. This issue may allow unauthorized access to sensitive information.

Recommendations For Qualcomm Snapdragon versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130, consider disabling TDSCDMA RRC debug messages to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.