CRITICAL🇵🇱 Wersja polska

CVE-2017-11076

CVSS 9.8v3.1pub. 2024-11-26upd. 2025-01-09

On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

🤖 AI Analysis
How it works

In certain hardware revisions where VP9 decoding is hardware-based, the frame size is not correctly programmed in the decoder chip. This results in the decoder being able to access an incorrect memory region while processing the video stream. The flaw falls under the category of CWE-823 (use of out-of-range pointer offset) and CWE-119 (improper restriction of operations within a memory buffer).

Impact

An attacker can compromise the confidentiality, integrity, and availability of the system, potentially executing arbitrary code or causing device failure through a crafted VP9 video stream.

Mitigation & patch

Apply patches available from the manufacturer according to the references — Qualcomm security bulletin from May 2018: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

Who is affected

Qualcomm MSM8909W Firmware, Qualcomm MSM8996AU Firmware, Qualcomm SD 210 Firmware — specific affected hardware revisions indicated in the Qualcomm security bulletin from May 2018

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Qualcomm Msm8909w

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Msm8909w Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Msm8996au

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Msm8996au Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 205

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 205 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 210

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 210 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 212

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 212 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 415

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 415 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 425

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 425 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 427

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 427 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 430

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 430 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 435

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 435 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 450

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 450 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 615

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 615 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 616

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 616 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 625

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 625 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 810

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 810 Firmware

    OS
    Qualcomm
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-21483CRITICAL9.8PL ✓ten sam produkt

Memory corruption w Qualcomm podczas składania pakietów RTP (NALUs)

CVE-2017-17772CRITICAL9.8PL ✓ten sam produkt

Qualcomm SD 450/625/820 — odczyt poza granicami bufora w obsłudze ramek 802.11

CVE-2018-11922CRITICAL9.8PL ✓ten sam produkt

Qualcomm Touch Pal – zbieranie danych o użytkowniku bez jego wiedzy

CVE-2023-43551CRITICAL9.1PL ✓ten sam produkt

Pominięcie uwierzytelnienia w sieciach LTE w modemach Qualcomm

CVE-2023-33030CRITICAL9.3PL ✓ten sam produkt

Memory corruption w HLOS podczas obsługi PlayReady w chipsetach Qualcomm