ID
VAR-201807-1353
CVE
CVE-2018-11258
TITLE
plural Qualcomm Snapdragon Vulnerability in using freed memory in products
Trust: 0.8
DESCRIPTION
In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. Snapdragon Automobile , Snapdragon Mobile ,and Snapdragon Wear Contains a vulnerability in the use of freed memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QualcommMDM9206 is a central processing unit (CPU) product that Qualcomm uses on different platforms. ADSPRPC is one of the digital signal processing components. ADSPRPC in several Qualcomm products has a memory error reference vulnerability, and there is no detailed vulnerability description at present. Qualcomm MDM9206, etc. ADSP RPC in several Qualcomm products has a use-after-free vulnerability. A local attacker could exploit this vulnerability by sending a specially crafted request to cause a denial of service
Trust: 2.34
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdx20 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | sdx20 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | sd 820a | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 210 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 212 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 415 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 450 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 615 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 616 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 625 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 652 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 820 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 835 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 845 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 210 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 212 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 205 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 845 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 850 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 425 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 450 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 615/16 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 415 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 625 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 650/52 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 820 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 835 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-416 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
lack of information
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | July 2018 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | A variety of Qualcomm products ADSPRPC component memory error reference vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/133991 | Trust: 0.6 |
| title: | Multiple Qualcomm product ADSP RPC Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81846 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—July 2018 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0 | Trust: 0.1 |
| title: | Android Security Bulletins: Android Security Bulletin—August 2018 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=746dc14fcd3f5e139648cfdc9d9039a9 | Trust: 0.1 |
| title: | SamsungReleaseNotes | url: | https://github.com/samreleasenotes/SamsungReleaseNotes | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-11258 | Trust: 3.2 |
| db: | SECTRACK | id: | 1041432 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2018-007858 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201807-425 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2018-12822 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-121099 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2018-11258 | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 2.4 |
| url: | http://www.securitytracker.com/id/1041432 | Trust: 1.2 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11258 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-11258 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/416.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://source.android.com/security/bulletin/2018-07-01.html | Trust: 0.1 |
| url: | https://github.com/samreleasenotes/samsungreleasenotes | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2018-12822 |
| db: | VULHUB | id: | VHN-121099 |
| db: | VULMON | id: | CVE-2018-11258 |
| db: | JVNDB | id: | JVNDB-2018-007858 |
| db: | CNNVD | id: | CNNVD-201807-425 |
| db: | NVD | id: | CVE-2018-11258 |
LAST UPDATE DATE
2024-11-23T20:27:33.225000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-12822 | date: | 2018-07-10T00:00:00 |
| db: | VULHUB | id: | VHN-121099 | date: | 2018-09-06T00:00:00 |
| db: | VULMON | id: | CVE-2018-11258 | date: | 2018-09-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-007858 | date: | 2018-09-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201807-425 | date: | 2019-01-28T00:00:00 |
| db: | NVD | id: | CVE-2018-11258 | date: | 2024-11-21T03:43:00.387 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-12822 | date: | 2018-07-10T00:00:00 |
| db: | VULHUB | id: | VHN-121099 | date: | 2018-07-06T00:00:00 |
| db: | VULMON | id: | CVE-2018-11258 | date: | 2018-07-06T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-007858 | date: | 2018-09-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-201807-425 | date: | 2018-07-09T00:00:00 |
| db: | NVD | id: | CVE-2018-11258 | date: | 2018-07-06T17:29:00.710 |