ID

VAR-201810-1161


CVE

CVE-2018-5914


TITLE

plural Snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-013708

DESCRIPTION

Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-68326803, A-62213176, A-73539234, A-72950814, A-77484228, A-111090697, A-68326811, A-78240387, A-78239234, A-68326819, A-71501117, A-72950958, A-74236425, A-77484229, A-79419793, A-109677940, A-109677982, A-109677964, A-109678202, A-109678380, A-111091377, A-111090533, A-111093202, A-111090698, A-111093021, and A-111093167. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. An input validation vulnerability exists in TZ in several Qualcomm Snapdragon products. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. The following products (for mobile and wearable devices) are affected: Qualcomm MDM9206; MDM9607; MDM9650; SD 210; SD 212; SD 205; SD 425; SD 430; SD 450; SD 625; SDA660

Trust: 2.07

sources: NVD: CVE-2018-5914 // JVNDB: JVNDB-2018-013708 // BID: 106494 // VULHUB: VHN-135946 // VULMON: CVE-2018-5914

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 106494 // JVNDB: JVNDB-2018-013708 // NVD: CVE-2018-5914

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5914
value: HIGH

Trust: 1.0

NVD: CVE-2018-5914
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1299
value: HIGH

Trust: 0.6

VULHUB: VHN-135946
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5914
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5914
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-135946
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5914
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135946 // VULMON: CVE-2018-5914 // JVNDB: JVNDB-2018-013708 // CNNVD: CNNVD-201810-1299 // NVD: CVE-2018-5914

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.9

sources: VULHUB: VHN-135946 // JVNDB: JVNDB-2018-013708 // NVD: CVE-2018-5914

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1299

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201810-1299

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9206_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9607_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:mdm9650_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_205_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_210_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_212_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_425_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_430_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_450_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_625_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_650_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_652_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sd_835_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:qualcomm:sda660_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2018-013708

PATCH

title:October 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins

Trust: 0.8

title:Multiple Qualcomm Snapdragon Fixes for product input validation vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86370

Trust: 0.6

title:Android Security Bulletins: Android Security Bulletin—September 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25cebb27b25b2e242f56769472d26cc5

Trust: 0.1

title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes

Trust: 0.1

sources: VULMON: CVE-2018-5914 // JVNDB: JVNDB-2018-013708 // CNNVD: CNNVD-201810-1299

EXTERNAL IDS

db:NVDid:CVE-2018-5914

Trust: 2.9

db:JVNDBid:JVNDB-2018-013708

Trust: 0.8

db:CNNVDid:CNNVD-201810-1299

Trust: 0.7

db:BIDid:106494

Trust: 0.3

db:VULHUBid:VHN-135946

Trust: 0.1

db:VULMONid:CVE-2018-5914

Trust: 0.1

sources: VULHUB: VHN-135946 // VULMON: CVE-2018-5914 // BID: 106494 // JVNDB: JVNDB-2018-013708 // CNNVD: CNNVD-201810-1299 // NVD: CVE-2018-5914

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5914

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5914

Trust: 0.8

url:https://source.android.com/security/bulletin/2018-09-01.html

Trust: 0.4

url:http://code.google.com/android/

Trust: 0.3

url:http://www.qualcomm.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/129.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/samreleasenotes/samsungreleasenotes

Trust: 0.1

sources: VULHUB: VHN-135946 // VULMON: CVE-2018-5914 // BID: 106494 // JVNDB: JVNDB-2018-013708 // CNNVD: CNNVD-201810-1299 // NVD: CVE-2018-5914

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 106494

SOURCES

db:VULHUBid:VHN-135946
db:VULMONid:CVE-2018-5914
db:BIDid:106494
db:JVNDBid:JVNDB-2018-013708
db:CNNVDid:CNNVD-201810-1299
db:NVDid:CVE-2018-5914

LAST UPDATE DATE

2024-11-23T21:52:46.085000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-135946date:2019-01-23T00:00:00
db:VULMONid:CVE-2018-5914date:2019-01-23T00:00:00
db:BIDid:106494date:2018-09-04T00:00:00
db:JVNDBid:JVNDB-2018-013708date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201810-1299date:2019-02-11T00:00:00
db:NVDid:CVE-2018-5914date:2024-11-21T04:09:41.620

SOURCES RELEASE DATE

db:VULHUBid:VHN-135946date:2018-10-26T00:00:00
db:VULMONid:CVE-2018-5914date:2018-10-26T00:00:00
db:BIDid:106494date:2018-09-04T00:00:00
db:JVNDBid:JVNDB-2018-013708date:2019-02-28T00:00:00
db:CNNVDid:CNNVD-201810-1299date:2018-10-29T00:00:00
db:NVDid:CVE-2018-5914date:2018-10-26T13:29:02.013