Sign-up

ID

VAR-201811-0550


CVE

CVE-2018-5870


TITLE

Snapdragon Mobile Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012573

DESCRIPTION

While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24. Snapdragon Mobile Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78244877, A-79420111, A-109677962, A-68326808, A-78240714, A-78240675, A-78241957, A-72950294, A-74235967, A-77484722, A-77484786, A-79420492, A-79420096, and A-109678529. Qualcomm Snapdragon Mobile SD 835, SDA660 and SDX24 are all products of Qualcomm (Qualcomm). The Qualcomm Snapdragon Mobile SD 835 and SDA660 are both central processing units (CPUs) used in mobile devices. product. SDX24 is a modem. TrustZone in Qualcomm Snapdragon Mobile SD 835, SDA660, and SDX24 has a security vulnerability

Trust: 2.07

sources: NVD: CVE-2018-5870 // JVNDB: JVNDB-2018-012573 // BID: 105838 // VULHUB: VHN-135902 // VULMON: CVE-2018-5870

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 835scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 105838 // JVNDB: JVNDB-2018-012573 // CNNVD: CNNVD-201811-837 // NVD: CVE-2018-5870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5870
value: HIGH

Trust: 1.0

NVD: CVE-2018-5870
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201811-837
value: HIGH

Trust: 0.6

VULHUB: VHN-135902
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5870
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5870
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-135902
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5870
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135902 // VULMON: CVE-2018-5870 // JVNDB: JVNDB-2018-012573 // CNNVD: CNNVD-201811-837 // NVD: CVE-2018-5870

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-135902 // JVNDB: JVNDB-2018-012573 // NVD: CVE-2018-5870

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201811-837

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201811-837

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012573

PATCH
title:November 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Qualcomm Snapdragon Mobile SD 835 , SDA660  and SDX24 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87061
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—November 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=2a07dd9b0f590517e161812c849b67e5
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5870 // 
            
            
            
            JVNDB: JVNDB-2018-012573 // 
            
            
            
            CNNVD: CNNVD-201811-837

EXTERNAL IDS
db:NVDid:CVE-2018-5870
Trust: 2.9
db:BIDid:105838
Trust: 1.5
db:JVNDBid:JVNDB-2018-012573
Trust: 0.8
db:CNNVDid:CNNVD-201811-837
Trust: 0.7
db:VULHUBid:VHN-135902
Trust: 0.1
db:VULMONid:CVE-2018-5870
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135902 // 
            
            
            
            VULMON: CVE-2018-5870 // 
            
            
            
            BID: 105838 // 
            
            
            
            JVNDB: JVNDB-2018-012573 // 
            
            
            
            CNNVD: CNNVD-201811-837 // 
            
            
            
            NVD: CVE-2018-5870

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:http://www.securityfocus.com/bid/105838
Trust: 1.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5870
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5870
Trust: 0.8
url:https://source.android.com/security/bulletin/2018-11-01.html
Trust: 0.4
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135902 // 
            
            
            
            VULMON: CVE-2018-5870 // 
            
            
            
            BID: 105838 // 
            
            
            
            JVNDB: JVNDB-2018-012573 // 
            
            
            
            CNNVD: CNNVD-201811-837 // 
            
            
            
            NVD: CVE-2018-5870

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 105838

SOURCES
db:VULHUBid:VHN-135902
db:VULMONid:CVE-2018-5870
db:BIDid:105838
db:JVNDBid:JVNDB-2018-012573
db:CNNVDid:CNNVD-201811-837
db:NVDid:CVE-2018-5870

LAST UPDATE DATE
2024-11-23T22:00:18.545000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-135902date:2018-12-26T00:00:00
db:VULMONid:CVE-2018-5870date:2018-12-26T00:00:00
db:BIDid:105838date:2018-11-05T00:00:00
db:JVNDBid:JVNDB-2018-012573date:2019-02-05T00:00:00
db:CNNVDid:CNNVD-201811-837date:2018-11-29T00:00:00
db:NVDid:CVE-2018-5870date:2024-11-21T04:09:35.180

SOURCES RELEASE DATE
db:VULHUBid:VHN-135902date:2018-11-28T00:00:00
db:VULMONid:CVE-2018-5870date:2018-11-28T00:00:00
db:BIDid:105838date:2018-11-05T00:00:00
db:JVNDBid:JVNDB-2018-012573date:2019-02-05T00:00:00
db:CNNVDid:CNNVD-201811-837date:2018-11-29T00:00:00
db:NVDid:CVE-2018-5870date:2018-11-28T15:29:00.580