ID
VAR-201810-0784
CVE
CVE-2018-11821
TITLE
Snapdragon Mobile and Snapdragon Wear Integer overflow vulnerability
Trust: 0.8
DESCRIPTION
Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. Snapdragon Mobile and Snapdragon Wear Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145. Qualcomm IPQ8074, etc. are all central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. An integer overflow vulnerability exists in WLAN in several Qualcomm Snapdragon products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | ipq8074 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | qualcomm | model: | sdm636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 835 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 652 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8074 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 427 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 430 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 435 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 450 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 625 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 652 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 835 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 845 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 850 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sda 660 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 630 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 632 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 636 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm 660 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sdm710 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | pixel xl | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel c | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | pixel | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus player | scope: | eq | version: | 0 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 9 | Trust: 0.3 | |
| vendor: | model: | nexus 6p | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 6 | Trust: 0.3 | |
| vendor: | model: | nexus | scope: | eq | version: | 5x | Trust: 0.3 | |
| vendor: | model: | android | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-190 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
input validation error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | October 2018 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Multiple Qualcomm Snapdragon Product digital error vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86305 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin—April 2019 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cd95df8ce79ebdc8577685322caeeedf | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-11821 | Trust: 2.9 |
| db: | BID | id: | 107681 | Trust: 2.1 |
| db: | JVNDB | id: | JVNDB-2018-011612 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201810-1284 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-121719 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2018-11821 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/107681 | Trust: 2.5 |
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11821 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-11821 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-april-2019-28925 | Trust: 0.6 |
| url: | https://source.android.com/security/bulletin/2019-04-01.html | Trust: 0.4 |
| url: | http://code.google.com/android/ | Trust: 0.3 |
| url: | http://www.qualcomm.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/190.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
The vendor reported these issues.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-121719 |
| db: | VULMON | id: | CVE-2018-11821 |
| db: | BID | id: | 107681 |
| db: | JVNDB | id: | JVNDB-2018-011612 |
| db: | CNNVD | id: | CNNVD-201810-1284 |
| db: | NVD | id: | CVE-2018-11821 |
LAST UPDATE DATE
2024-11-23T21:38:13.608000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-121719 | date: | 2019-04-25T00:00:00 |
| db: | VULMON | id: | CVE-2018-11821 | date: | 2019-04-25T00:00:00 |
| db: | BID | id: | 107681 | date: | 2019-04-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-011612 | date: | 2019-01-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1284 | date: | 2019-04-26T00:00:00 |
| db: | NVD | id: | CVE-2018-11821 | date: | 2024-11-21T03:44:05.330 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-121719 | date: | 2018-10-26T00:00:00 |
| db: | VULMON | id: | CVE-2018-11821 | date: | 2018-10-26T00:00:00 |
| db: | BID | id: | 107681 | date: | 2019-04-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-011612 | date: | 2019-01-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201810-1284 | date: | 2018-10-29T00:00:00 |
| db: | NVD | id: | CVE-2018-11821 | date: | 2018-10-26T13:29:00.840 |