CVE-2017-18327

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon automobile versions MDM9607 through MDM9655 Qualcomm Snapdragon mobile versions MSM8909W through SD 845 Qualcomm Snapdragon wear versions SD 210 through SD 212 Qualcomm Snapdragon versions SD 425 through SD 450 Qualcomm Snapdragon versions SD 625 through SD 652 Qualcomm Snapdragon versions SD 670 through SD 820A Qualcomm Snapdragon versions SD 835 through SD 850 Qualcomm Snapdragon versions SDA660, SDX20, SXR1130

Description Security keys are logged when any WCDMA call is configured or reconfigured in Qualcomm Snapdragon products.

Recommendations For versions MDM9607 through MDM9655, update the software to prevent security key logging. For versions MSM8909W through SD 845, restrict access to WCDMA call configuration to minimize the risk of exploitation. For versions SD 210 through SD 212, consider disabling WCDMA call reconfiguration until a patch is available. For versions SD 425 through SD 450, avoid using WCDMA call configuration in sensitive environments. For versions SD 625 through SD 652, restrict WCDMA call configuration to authorized personnel only. For versions SD 670 through SD 820A, update the software to prevent security key logging. For versions SD 835 through SD 850, consider implementing additional security measures to protect against exploitation. For versions SDA660, SDX20, SXR1130, update the software to prevent security key logging.