CVE-2017-18129
Description
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Qualcomm IPA driver flaw lets an attacker from one security domain control channels belonging to another, potentially leading to privilege escalation.
Vulnerability
In the Qualcomm internet protocol accelerator (IPA) driver used in Snapdragon Automobile and Snapdragon Mobile platforms (MDM9206, MDM9607, SD 845, MSM8996, MSM8998), IPA channels assigned to one security domain can be controlled from a different domain. This flaw exists in Android builds before the 2018-04-05 security patch level [1] and allows cross-domain channel manipulation.
Exploitation
An attacker with local access to a device running the vulnerable code, and the ability to execute code within one security domain, can exploit the missing domain isolation to send IPA channel commands that belong to another domain. No additional authentication or user interaction is required beyond the attacker already having code execution in the source domain [1].
Impact
Successful exploitation enables an attacker to perform operations on IPA channels that belong to a different security domain, which can result in privilege escalation relative to the target domain. The attacker may gain unauthorized access to network data flows processed by the IPA, leading to information disclosure or disruption of services [1].
Mitigation
The issue was fixed in the Android security patch level of 2018-04-05 [1]. Users should ensure their devices have received the April 2018 or later Android security updates. No workaround is available for unpatched devices.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: before 2018-04-05
- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobilev5Range: MDM9206, MDM9607, SD 845, MSM8996, MSM8998
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.