Sign-up

ID

VAR-201807-1807


CVE

CVE-2018-5838


TITLE

Snapdragon Mobile and Snapdragon Wear Vulnerabilities in array index validation

Trust: 0.8

sources: JVNDB: JVNDB-2018-007673

DESCRIPTION

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. Attackers can exploit this vulnerability to cause out-of-bounds access

Trust: 1.8

sources: NVD: CVE-2018-5838 // JVNDB: JVNDB-2018-007673 // VULHUB: VHN-135870 // VULMON: CVE-2018-5838

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 617scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 600scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 800scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 415scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 600scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 617scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 800scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 810scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-007673 // CNNVD: CNNVD-201807-409 // NVD: CVE-2018-5838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5838
value: HIGH

Trust: 1.0

NVD: CVE-2018-5838
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-409
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135870
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-5838
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5838
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-135870
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5838
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135870 // VULMON: CVE-2018-5838 // JVNDB: JVNDB-2018-007673 // CNNVD: CNNVD-201807-409 // NVD: CVE-2018-5838

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.9

sources: VULHUB: VHN-135870 // JVNDB: JVNDB-2018-007673 // NVD: CVE-2018-5838

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-409

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-409

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007673

PATCH
title:July 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Qualcomm Snapdragon Automobile , Snapdragon Mobile  and Snapdragon Wear Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81830
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—July 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25584b3d319ca9e7cb2fae9ec5dbf5e0
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5838 // 
            
            
            
            JVNDB: JVNDB-2018-007673 // 
            
            
            
            CNNVD: CNNVD-201807-409

EXTERNAL IDS
db:NVDid:CVE-2018-5838
Trust: 2.6
db:JVNDBid:JVNDB-2018-007673
Trust: 0.8
db:CNNVDid:CNNVD-201807-409
Trust: 0.7
db:VULHUBid:VHN-135870
Trust: 0.1
db:VULMONid:CVE-2018-5838
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135870 // 
            
            
            
            VULMON: CVE-2018-5838 // 
            
            
            
            JVNDB: JVNDB-2018-007673 // 
            
            
            
            CNNVD: CNNVD-201807-409 // 
            
            
            
            NVD: CVE-2018-5838

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5838
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5838
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/129.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-07-01.html
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135870 // 
            
            
            
            VULMON: CVE-2018-5838 // 
            
            
            
            JVNDB: JVNDB-2018-007673 // 
            
            
            
            CNNVD: CNNVD-201807-409 // 
            
            
            
            NVD: CVE-2018-5838

SOURCES
db:VULHUBid:VHN-135870
db:VULMONid:CVE-2018-5838
db:JVNDBid:JVNDB-2018-007673
db:CNNVDid:CNNVD-201807-409
db:NVDid:CVE-2018-5838

LAST UPDATE DATE
2024-11-23T21:52:56.978000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-135870date:2018-09-04T00:00:00
db:VULMONid:CVE-2018-5838date:2018-09-04T00:00:00
db:JVNDBid:JVNDB-2018-007673date:2018-09-21T00:00:00
db:CNNVDid:CNNVD-201807-409date:2018-07-10T00:00:00
db:NVDid:CVE-2018-5838date:2024-11-21T04:09:30.663

SOURCES RELEASE DATE
db:VULHUBid:VHN-135870date:2018-07-06T00:00:00
db:VULMONid:CVE-2018-5838date:2018-07-06T00:00:00
db:JVNDBid:JVNDB-2018-007673date:2018-09-21T00:00:00
db:CNNVDid:CNNVD-201807-409date:2018-07-06T00:00:00
db:NVDid:CVE-2018-5838date:2018-07-06T17:29:01.523