Details of VAR-201811-0554

ID

VAR-201811-0554

CVE

CVE-2018-5917

TITLE

Snapdragon Automobile and Snapdragon Mobile Buffer error vulnerability \

Trust: 0.8

sources: JVNDB: JVNDB-2018-012570

DESCRIPTION

Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. Snapdragon Automobile and Snapdragon Mobile Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78244877, A-79420111, A-109677962, A-68326808, A-78240714, A-78240675, A-78241957, A-72950294, A-74235967, A-77484722, A-77484786, A-79420492, A-79420096, and A-109678529

Trust: 2.07

sources: NVD: CVE-2018-5917 // JVNDB: JVNDB-2018-012570 // BID: 105838 // VULHUB: VHN-135949 // VULMON: CVE-2018-5917

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 430	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 450	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 820	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 820a	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 835	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 845	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 850	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 105838 // JVNDB: JVNDB-2018-012570 // CNNVD: CNNVD-201811-841 // NVD: CVE-2018-5917

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5917
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-5917
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201811-841
value:	HIGH
Trust: 0.6
VULHUB:	VHN-135949
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-5917
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-5917
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-135949
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5917
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-135949 // VULMON: CVE-2018-5917 // JVNDB: JVNDB-2018-012570 // CNNVD: CNNVD-201811-841 // NVD: CVE-2018-5917

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-135949 // JVNDB: JVNDB-2018-012570 // NVD: CVE-2018-5917

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201811-841

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201811-841

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012570

PATCH

title:	November 2018 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Multiple Qualcomm Snapdragon Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87065	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—November 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=2a07dd9b0f590517e161812c849b67e5	Trust: 0.1

sources: VULMON: CVE-2018-5917 // JVNDB: JVNDB-2018-012570 // CNNVD: CNNVD-201811-841

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5917	Trust: 2.9
db:	BID	id:	105838	Trust: 1.5
db:	JVNDB	id:	JVNDB-2018-012570	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-841	Trust: 0.6
db:	VULHUB	id:	VHN-135949	Trust: 0.1
db:	VULMON	id:	CVE-2018-5917	Trust: 0.1

sources: VULHUB: VHN-135949 // VULMON: CVE-2018-5917 // BID: 105838 // JVNDB: JVNDB-2018-012570 // CNNVD: CNNVD-201811-841 // NVD: CVE-2018-5917

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.8
url:	http://www.securityfocus.com/bid/105838	Trust: 1.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5917	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5917	Trust: 0.8
url:	https://source.android.com/security/bulletin/2018-11-01.html	Trust: 0.4
url:	http://code.google.com/android/	Trust: 0.3
url:	http://www.qualcomm.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-135949 // VULMON: CVE-2018-5917 // BID: 105838 // JVNDB: JVNDB-2018-012570 // CNNVD: CNNVD-201811-841 // NVD: CVE-2018-5917

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 105838

SOURCES

db:	VULHUB	id:	VHN-135949
db:	VULMON	id:	CVE-2018-5917
db:	BID	id:	105838
db:	JVNDB	id:	JVNDB-2018-012570
db:	CNNVD	id:	CNNVD-201811-841
db:	NVD	id:	CVE-2018-5917

LAST UPDATE DATE

2024-11-23T22:00:18.509000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-135949	date:	2018-12-26T00:00:00
db:	VULMON	id:	CVE-2018-5917	date:	2018-12-26T00:00:00
db:	BID	id:	105838	date:	2018-11-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-012570	date:	2019-02-05T00:00:00
db:	CNNVD	id:	CNNVD-201811-841	date:	2018-11-29T00:00:00
db:	NVD	id:	CVE-2018-5917	date:	2024-11-21T04:09:42.060

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-135949	date:	2018-11-28T00:00:00
db:	VULMON	id:	CVE-2018-5917	date:	2018-11-28T00:00:00
db:	BID	id:	105838	date:	2018-11-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-012570	date:	2019-02-05T00:00:00
db:	CNNVD	id:	CNNVD-201811-841	date:	2018-11-29T00:00:00
db:	NVD	id:	CVE-2018-5917	date:	2018-11-28T15:29:00.737