CVE-2017-18172
Description
On a device with a 1440x2560 screen, the contiguous buffer check overflows for certain buffer sizes, resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile and Snapdragon Mobile, in versions MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An integer overflow in the contiguous buffer size check in Qualcomm System UI can cause screen corruption or denial of service on affected Snapdragon devices.
Vulnerability
In a device with a 1440x2560 screen, the check of contiguous buffer size during display operations in System UI overflows on certain buffer sizes, leading to an integer overflow or wraparound. This affects Qualcomm Snapdragon Automobile and Mobile platforms: MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016 [1].
Exploitation
An attacker requires local access to the device and the ability to trigger display operations that allocate a contiguous buffer of a size that causes the check to overflow. No authentication is needed beyond normal user-level access, as the vulnerable code is reachable from the System UI process [1]. The exploitation sequence involves sending malformed display commands or manipulating screen buffer allocations to cause the integer wraparound.
Impact
Successful exploitation can lead to denial of service via screen corruption or system instability, potentially allowing the attacker to cause the System UI to crash or behave unexpectedly. Information disclosure or elevation of privilege is not documented; the primary impact is on availability [1].
Mitigation
A fix was included in the Android Security Bulletin for July 2018, with security patch level 2018-07-05 or later [1]. Users should ensure their devices receive this update from their device manufacturer or carrier. No workaround is provided, and the vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. Affected devices that are no longer receiving security updates remain vulnerable.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile (v5). Range: MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016
Patches
No patches discovered yet.
References
- source.android.com/security/bulletin/2018-07-01 (mitre, x_refsource_CONFIRM)
- www.qualcomm.com/company/product-security/bulletins (mitre, x_refsource_CONFIRM)