Details of VAR-201807-1354

ID

VAR-201807-1354

CVE

CVE-2018-11259

TITLE

plural Snapdragon Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-008027

DESCRIPTION

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78240792, A-78240715, A-78240449, A-78240612, A-78240794, A-78240199, A-78240071, A-78240736, A-78242049, A-78241971, A-78241834, A-78241375, A-68989823, A-72951265, A-74235874, A-74236406, A-77485022, A-77485183, A-77485139, A-77483830, and A-77484449. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. An access control error vulnerability exists in NAND-based EFS in several Qualcomm products. An attacker can exploit this vulnerability by using a specially crafted request to obtain the read and write permissions of the EFS partition. The following products are affected: Qualcomm MDM9206; MDM9607; MDM9635M; MDM9640; MDM9650; MDM9655; MSM8909W; MSM8996AU; SD 615/16; SD 415; SD 617; SD 625; SD 650/52; SD 800; SD 810; SD 820; SD 820A; SD 835; SD 845; SD 850; ;Snapdragon_High_Med_2016

Trust: 2.07

sources: NVD: CVE-2018-11259 // JVNDB: JVNDB-2018-008027 // BID: 104760 // VULHUB: VHN-121100 // VULMON: CVE-2018-11259

AFFECTED PRODUCTS

vendor:	qualcomm	model:	snapdragon high med 2016	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 800	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 810	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 617	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9655	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 616	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 415	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 652	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9635m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 412	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9635m	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9655	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 410	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 412	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 415	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 427	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 430	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 435	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 450	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 615	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 616	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 617	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 652	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 800	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 810	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 820	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 820a	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 835	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 845	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 850	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sdm 632	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sdm630	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sdm636	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sdm660	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sdx20	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104760 // JVNDB: JVNDB-2018-008027 // CNNVD: CNNVD-201807-424 // NVD: CVE-2018-11259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11259
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-11259
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201807-424
value:	HIGH
Trust: 0.6
VULHUB:	VHN-121100
value:	LOW
Trust: 0.1
VULMON:	CVE-2018-11259
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-11259
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-121100
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11259
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121100 // VULMON: CVE-2018-11259 // JVNDB: JVNDB-2018-008027 // CNNVD: CNNVD-201807-424 // NVD: CVE-2018-11259

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-121100 // JVNDB: JVNDB-2018-008027 // NVD: CVE-2018-11259

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-424

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201807-424

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008027

PATCH

title:	Bulletins July2018	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Qualcomm Snapdragon Automobile , Snapdragon Mobile and Snapdragon Wear Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81845	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0	Trust: 0.1
title:	SamsungReleaseNotes	url:	https://github.com/samreleasenotes/SamsungReleaseNotes	Trust: 0.1

sources: VULMON: CVE-2018-11259 // JVNDB: JVNDB-2018-008027 // CNNVD: CNNVD-201807-424

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11259	Trust: 2.9
db:	JVNDB	id:	JVNDB-2018-008027	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-424	Trust: 0.7
db:	BID	id:	104760	Trust: 0.3
db:	VULHUB	id:	VHN-121100	Trust: 0.1
db:	VULMON	id:	CVE-2018-11259	Trust: 0.1

sources: VULHUB: VHN-121100 // VULMON: CVE-2018-11259 // BID: 104760 // JVNDB: JVNDB-2018-008027 // CNNVD: CNNVD-201807-424 // NVD: CVE-2018-11259

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11259	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11259	Trust: 0.8
url:	http://code.google.com/android/	Trust: 0.3
url:	http://www.qualcomm.com/	Trust: 0.3
url:	https://source.android.com/security/bulletin/2018-07-01	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/732.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://source.android.com/security/bulletin/2018-07-01.html	Trust: 0.1
url:	https://github.com/samreleasenotes/samsungreleasenotes	Trust: 0.1

sources: VULHUB: VHN-121100 // VULMON: CVE-2018-11259 // BID: 104760 // JVNDB: JVNDB-2018-008027 // CNNVD: CNNVD-201807-424 // NVD: CVE-2018-11259

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104760

SOURCES

db:	VULHUB	id:	VHN-121100
db:	VULMON	id:	CVE-2018-11259
db:	BID	id:	104760
db:	JVNDB	id:	JVNDB-2018-008027
db:	CNNVD	id:	CNNVD-201807-424
db:	NVD	id:	CVE-2018-11259

LAST UPDATE DATE

2024-11-23T21:38:37.655000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121100	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2018-11259	date:	2019-10-03T00:00:00
db:	BID	id:	104760	date:	2018-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-008027	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-424	date:	2020-07-27T00:00:00
db:	NVD	id:	CVE-2018-11259	date:	2024-11-21T03:43:00.527

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121100	date:	2018-07-06T00:00:00
db:	VULMON	id:	CVE-2018-11259	date:	2018-07-06T00:00:00
db:	BID	id:	104760	date:	2018-07-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-008027	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-424	date:	2018-07-09T00:00:00
db:	NVD	id:	CVE-2018-11259	date:	2018-07-06T17:29:00.757