Details of VAR-201705-3418

ID

VAR-201705-3418

CVE

CVE-2017-0624

TITLE

Qualcomm Wi-Fi Vulnerability in information disclosure in drivers

Trust: 0.8

sources: JVNDB: JVNDB-2017-003323

DESCRIPTION

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832. An attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. This issue is tracked by Android Bug ID-A-34327795

Trust: 1.98

sources: NVD: CVE-2017-0624 // JVNDB: JVNDB-2017-003323 // BID: 98200 // VULMON: CVE-2017-0624

IOT TAXONOMY

category:

['network device']

sub_category:

Wi-Fi device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	eq	version:	3.10	Trust: 2.4
vendor:	linux	model:	kernel	scope:	eq	version:	3.18	Trust: 2.4
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3

sources: BID: 98200 // JVNDB: JVNDB-2017-003323 // CNNVD: CNNVD-201705-283 // NVD: CVE-2017-0624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-0624
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-0624
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201705-283
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-0624
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-0624
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2017-0624
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULMON: CVE-2017-0624 // JVNDB: JVNDB-2017-003323 // CNNVD: CNNVD-201705-283 // NVD: CVE-2017-0624

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-003323 // NVD: CVE-2017-0624

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-283

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201705-283

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003323

PATCH

title:	Android Security Bulletin-May 2017	url:	https://source.android.com/security/bulletin/2017-05-01	Trust: 0.8
title:	Linux Kernel Archives	url:	http://www.kernel.org	Trust: 0.8
title:	Android Qualcomm Wi-Fi Fixes for driver information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69885	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—May 2017	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=473019536b98d5c3b462c97d8bdb8384	Trust: 0.1
title:	CVE-Study	url:	https://github.com/thdusdl1219/CVE-Study	Trust: 0.1

sources: VULMON: CVE-2017-0624 // JVNDB: JVNDB-2017-003323 // CNNVD: CNNVD-201705-283

EXTERNAL IDS

db:	NVD	id:	CVE-2017-0624	Trust: 2.9
db:	BID	id:	98200	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-003323	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-283	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2017-0624	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2017-0624 // BID: 98200 // JVNDB: JVNDB-2017-003323 // CNNVD: CNNVD-201705-283 // NVD: CVE-2017-0624

REFERENCES

url:	https://source.android.com/security/bulletin/2017-05-01	Trust: 2.0
url:	http://www.securityfocus.com/bid/98200	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0624	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-0624	Trust: 0.8
url:	http://www.android.com/	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://source.android.com/security/bulletin/2017-05-01.html	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2017-0624 // BID: 98200 // JVNDB: JVNDB-2017-003323 // CNNVD: CNNVD-201705-283 // NVD: CVE-2017-0624

CREDITS

Gengjia Chen (@chengjia4574) and pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd

Trust: 0.9

sources: BID: 98200 // CNNVD: CNNVD-201705-283

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2017-0624
db:	BID	id:	98200
db:	JVNDB	id:	JVNDB-2017-003323
db:	CNNVD	id:	CNNVD-201705-283
db:	NVD	id:	CVE-2017-0624

LAST UPDATE DATE

2025-04-20T19:46:46.039000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2017-0624	date:	2017-05-19T00:00:00
db:	BID	id:	98200	date:	2017-05-18T16:18:00
db:	JVNDB	id:	JVNDB-2017-003323	date:	2017-05-24T00:00:00
db:	CNNVD	id:	CNNVD-201705-283	date:	2017-05-05T00:00:00
db:	NVD	id:	CVE-2017-0624	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2017-0624	date:	2017-05-12T00:00:00
db:	BID	id:	98200	date:	2017-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-003323	date:	2017-05-24T00:00:00
db:	CNNVD	id:	CNNVD-201705-283	date:	2017-05-05T00:00:00
db:	NVD	id:	CVE-2017-0624	date:	2017-05-12T15:29:02.440