Details of VAR-201810-0787

ID

VAR-201810-0787

CVE

CVE-2018-11828

TITLE

Snapdragon Mobile Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2018-011614

DESCRIPTION

When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52. Snapdragon Mobile Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-120487384, A-117119000, A-117118976, A-117118295, A-117119172, A-122473270, A-109678120, A-111093019, A-111092813, A-111089816, A-111092945, A-111092919, A-111091938, A-111093762, A-111093242, A-111090373, A-111092814, A-111093763, A-111093243, A-111089817, A-111092400, A-111090534, A-111091378, A-111092946, A-111093022, A-111093244, A-111092888, A-111093280, A-111092401, A-111093259, A-111090535, A-112279580, A-112279127, A-119049704, A-119052960, A-114042276, A-117118499, A-117119174, A-117119152, A-117118789, A-122472377, A-120483842, A-122472139 and A-122473145

Trust: 2.07

sources: NVD: CVE-2018-11828 // JVNDB: JVNDB-2018-011614 // BID: 107681 // VULHUB: VHN-121726 // VULMON: CVE-2018-11828

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 650	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 652	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 430	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 450	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 652	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 107681 // JVNDB: JVNDB-2018-011614 // CNNVD: CNNVD-201810-1287 // NVD: CVE-2018-11828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11828
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-11828
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201810-1287
value:	HIGH
Trust: 0.6
VULHUB:	VHN-121726
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-11828
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-11828
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-121726
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11828
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121726 // VULMON: CVE-2018-11828 // JVNDB: JVNDB-2018-011614 // CNNVD: CNNVD-201810-1287 // NVD: CVE-2018-11828

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.9

sources: VULHUB: VHN-121726 // JVNDB: JVNDB-2018-011614 // NVD: CVE-2018-11828

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1287

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1287

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011614

PATCH

title:	October 2018 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Multiple Qualcomm Snapdragon Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86358	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—April 2019	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=cd95df8ce79ebdc8577685322caeeedf	Trust: 0.1

sources: VULMON: CVE-2018-11828 // JVNDB: JVNDB-2018-011614 // CNNVD: CNNVD-201810-1287

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11828	Trust: 2.9
db:	BID	id:	107681	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-011614	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1287	Trust: 0.6
db:	VULHUB	id:	VHN-121726	Trust: 0.1
db:	VULMON	id:	CVE-2018-11828	Trust: 0.1

sources: VULHUB: VHN-121726 // VULMON: CVE-2018-11828 // BID: 107681 // JVNDB: JVNDB-2018-011614 // CNNVD: CNNVD-201810-1287 // NVD: CVE-2018-11828

REFERENCES

url:	http://www.securityfocus.com/bid/107681	Trust: 2.5
url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11828	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11828	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-april-2019-28925	Trust: 0.6
url:	https://source.android.com/security/bulletin/2019-04-01.html	Trust: 0.4
url:	http://code.google.com/android/	Trust: 0.3
url:	http://www.qualcomm.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-121726 // VULMON: CVE-2018-11828 // BID: 107681 // JVNDB: JVNDB-2018-011614 // CNNVD: CNNVD-201810-1287 // NVD: CVE-2018-11828

CREDITS

The vendor reported these issues.

Trust: 0.9

sources: BID: 107681 // CNNVD: CNNVD-201810-1287

SOURCES

db:	VULHUB	id:	VHN-121726
db:	VULMON	id:	CVE-2018-11828
db:	BID	id:	107681
db:	JVNDB	id:	JVNDB-2018-011614
db:	CNNVD	id:	CNNVD-201810-1287
db:	NVD	id:	CVE-2018-11828

LAST UPDATE DATE

2024-11-23T21:38:13.713000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121726	date:	2019-04-25T00:00:00
db:	VULMON	id:	CVE-2018-11828	date:	2019-04-25T00:00:00
db:	BID	id:	107681	date:	2019-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-011614	date:	2019-01-17T00:00:00
db:	CNNVD	id:	CNNVD-201810-1287	date:	2019-04-26T00:00:00
db:	NVD	id:	CVE-2018-11828	date:	2024-11-21T03:44:06.067

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121726	date:	2018-10-26T00:00:00
db:	VULMON	id:	CVE-2018-11828	date:	2018-10-26T00:00:00
db:	BID	id:	107681	date:	2019-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-011614	date:	2019-01-17T00:00:00
db:	CNNVD	id:	CNNVD-201810-1287	date:	2018-10-29T00:00:00
db:	NVD	id:	CVE-2018-11828	date:	2018-10-26T13:29:01.107