ID
VAR-201810-0533
CVE
CVE-2018-11853
TITLE
Snapdragon Mobile and Snapdragon Wear Buffer error vulnerability
Trust: 0.8
DESCRIPTION
Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. Snapdragon Mobile and Snapdragon Wear Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm IPQ8074, etc. are all central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. A buffer overflow vulnerability exists in several Qualcomm Snapdragon products. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm710 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm636 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm632 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm429 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8074 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8074 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 427 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 430 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 435 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 450 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 625 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 652 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 835 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 845 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 850 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sda 660 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 429 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 439 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 630 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 632 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 636 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 660 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm710 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-119 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
buffer error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | October 2018 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Snapdragon Product Buffer Error Vulnerability Fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86362 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—April 2019 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cd95df8ce79ebdc8577685322caeeedf | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-11853 | Trust: 2.9 |
| db: | BID | id: | 107681 | Trust: 2.1 |
| db: | JVNDB | id: | JVNDB-2018-011515 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201810-1291 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-121754 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2018-11853 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/107681 | Trust: 2.5 |
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11853 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-11853 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-april-2019-28925 | Trust: 0.6 |
| url: | https://source.android.com/security/bulletin/2019-04-01.html | Trust: 0.4 |
| url: | http://code.google.com/android/ | Trust: 0.3 |
| url: | http://www.qualcomm.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/119.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
The vendor reported these issues.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-121754 |
| db: | VULMON | id: | CVE-2018-11853 |
| db: | BID | id: | 107681 |
| db: | JVNDB | id: | JVNDB-2018-011515 |
| db: | CNNVD | id: | CNNVD-201810-1291 |
| db: | NVD | id: | CVE-2018-11853 |
LAST UPDATE DATE
2024-11-23T21:38:14.236000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-121754 | date: | 2019-04-25T00:00:00 |
| db: | VULMON | id: | CVE-2018-11853 | date: | 2019-04-25T00:00:00 |
| db: | BID | id: | 107681 | date: | 2019-04-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-011515 | date: | 2019-01-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1291 | date: | 2019-04-04T00:00:00 |
| db: | NVD | id: | CVE-2018-11853 | date: | 2024-11-21T03:44:08.177 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-121754 | date: | 2018-10-26T00:00:00 |
| db: | VULMON | id: | CVE-2018-11853 | date: | 2018-10-26T00:00:00 |
| db: | BID | id: | 107681 | date: | 2019-04-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-011515 | date: | 2019-01-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1291 | date: | 2018-10-29T00:00:00 |
| db: | NVD | id: | CVE-2018-11853 | date: | 2018-10-26T13:29:01.467 |