CVE-2017-13218
Description
Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Access to CNTVCT_EL0 in Qualcomm SoCs allows side channel attacks leading to local information disclosure without additional privileges.
Vulnerability
CVE-2017-13218 is an issue in the generic timer counter register CNTVCT_EL0, accessible from user space on Qualcomm SoCs including FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, and SD 845. The counter can be used as a high-resolution timing source for side channel attacks. No additional execution privileges are needed to access the counter.
Exploitation
An attacker with local access to an affected device can read the CNTVCT_EL0 register to obtain precise timing information. This timing data can be used in side channel attacks to infer sensitive information, such as cryptographic keys or other data protected by constant-time execution assumptions.
Impact
Successful exploitation leads to local information disclosure. The attacker gains access to potentially sensitive data without requiring elevated privileges.
Mitigation
This issue is addressed in the Android Security Bulletin for January 2018 [1]. Users should update their devices to the latest security patch level to mitigate the vulnerability. No workarounds are available other than applying the patch.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Qualcomm, Inc. / Android for MSM, Firefox OS for MSM, QRD Android (v5). Range: All Android releases from CAF using the Linux kernel
Patches
No patches discovered yet.
References
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (mitre, x_refsource_CONFIRM)
- www.securityfocus.com/bid/102390 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1040106 (mitre, vdb-entry, x_refsource_SECTRACK)
- source.android.com/security/bulletin/2018-01-01 (mitre, x_refsource_CONFIRM)
- www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin (mitre, x_refsource_MISC)