CVE-2017-18147
Description
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unvalidated downlink message in Qualcomm MMCP can lead to privilege escalation or denial of service on affected Android devices.
Vulnerability
The vulnerability resides in the MMCP (Mobile Modem Control Protocol) component of Qualcomm's firmware, as used in Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05. The issue is that a downlink message is not properly validated [1]. This could allow an attacker to craft a malicious message that triggers unexpected behavior in the modem processor.
Exploitation
An attacker with the ability to send a crafted downlink message to the device (likely requiring proximity to the cellular network or a compromised base station) can exploit the missing validation. No authentication or user interaction is required on the target device, as the message is processed at the modem level before reaching the Android operating system.
Impact
Successful exploitation could lead to arbitrary code execution or denial of service on the modem processor, potentially allowing the attacker to escalate privileges or disrupt cellular services. The impact is primarily on the confidentiality, integrity, and availability of the modem's processing.
Mitigation
Google's April 2018 Android Security Bulletin includes a patch for this vulnerability, released on 2018-04-01 [1]. Users should ensure their device has received the Android security patch level 2018-04-05 or later. No other workarounds have been disclosed.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < kernel security patch level 2018-04-05
- Range: < kernel security patch level 2018-04-05
- Range: < kernel security patch level 2018-04-05
- Qualcomm, Inc./Android for MSM, Firefox OS for MSM, QRD Android (v5) Range: All Android releases from CAF using the Linux kernel
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/103671 (mitre, vdb-entry, x_refsource_BID)
- source.android.com/security/bulletin/2018-04-01 (mitre, x_refsource_CONFIRM)