CVE-2017-18326

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MDM9607 through MDM9655 Qualcomm Snapdragon versions MSM8909W Qualcomm Snapdragon versions SD 210 through SD 212 Qualcomm Snapdragon versions SD 205 Qualcomm Snapdragon versions SD 410 through SD 412 Qualcomm Snapdragon version SD 425 Qualcomm Snapdragon version SD 427 Qualcomm Snapdragon version SD 430 Qualcomm Snapdragon version SD 435 Qualcomm Snapdragon version SD 450 Qualcomm Snapdragon versions SD 615 through SD 616 Qualcomm Snapdragon version SD 415 Qualcomm Snapdragon version SD 625 Qualcomm Snapdragon version SD 636 Qualcomm Snapdragon versions SD 650 through SD 652 Qualcomm Snapdragon version SD 800 Qualcomm Snapdragon version SD 810 Qualcomm Snapdragon version SD 820 Qualcomm Snapdragon version SD 835 Qualcomm Snapdragon version SDA660 Qualcomm Snapdragon version SDM630 Qualcomm Snapdragon version SDM660

Description Cryptographic keys are printed in modem debug messages in Snapdragon mobile and Snapdragon wear.

Recommendations For versions MDM9607 through MDM9655, consider disabling modem debug messages until a patch is available. For version MSM8909W, restrict access to modem debug logs to minimize the risk of exploitation. For versions SD 210 through SD 212, avoid using debug modes that print cryptographic keys. For version SD 205, consider implementing additional logging controls to prevent key exposure. For versions SD 410 through SD 412, disable debug message printing for cryptographic keys. For version SD 425, restrict access to debug messages that contain cryptographic information. For version SD 427, avoid printing cryptographic keys in debug logs. For version SD 430, consider implementing secure logging practices to protect cryptographic keys. For version SD 435, disable debug modes that expose cryptographic keys. For version SD 450, restrict access to cryptographic key information in debug messages. For versions SD 615 through SD 616, consider disabling debug message printing for cryptographic information. For version SD 415, avoid using debug modes that print cryptographic keys. For version SD 625, restrict access to debug logs that contain cryptographic information. For version SD 636, consider implementing additional controls to prevent key exposure in debug messages. For versions SD 650 through SD 652, disable debug message printing for cryptographic keys. For version SD 800, restrict access to debug messages that contain cryptographic information. For version SD 810, avoid printing cryptographic keys in debug logs. For version SD 820, consider implementing secure logging practices to protect cryptographic keys. For version SD 835, disable debug modes that expose cryptographic keys. For version SDA660, restrict access to cryptographic key information in debug messages. For version SDM630, consider disabling debug message printing for cryptographic information. For version SDM660, avoid using debug modes that print cryptographic keys. At the moment, there is no information about a newer version that contains a fix for this vulnerability.