Details of VAR-201901-0455

ID

VAR-201901-0455

CVE

CVE-2018-11999

TITLE

plural snapdragon Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-013788

DESCRIPTION

Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24. snapdragon automobile , snapdragon mobile , snapdragon wear Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). The Qualcomm MDM9206 is a central processing unit (CPU). SDX24 is a modem. TrustZone is one of the system security components. An input validation vulnerability exists in TrustZone in several Qualcomm products

Trust: 2.07

sources: NVD: CVE-2018-11999 // JVNDB: JVNDB-2018-013788 // BID: 106128 // VULHUB: VHN-121914 // VULMON: CVE-2018-11999

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9655	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9635m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 412	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9635m	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9655	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 410	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus player	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 106128 // JVNDB: JVNDB-2018-013788 // NVD: CVE-2018-11999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11999
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-11999
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201812-426
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-121914
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2018-11999
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-11999
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2018-11999
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-121914
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11999
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	CVE-2018-11999
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-121914 // VULMON: CVE-2018-11999 // JVNDB: JVNDB-2018-013788 // CNNVD: CNNVD-201812-426 // NVD: CVE-2018-11999

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-121914 // JVNDB: JVNDB-2018-013788 // NVD: CVE-2018-11999

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-426

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201812-426

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013788

PATCH

title:	December 2018 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Multiple Qualcomm Fixes for product input validation vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87674	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—December 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889	Trust: 0.1

sources: VULMON: CVE-2018-11999 // JVNDB: JVNDB-2018-013788 // CNNVD: CNNVD-201812-426

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11999	Trust: 2.9
db:	BID	id:	106128	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-013788	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-426	Trust: 0.7
db:	VULHUB	id:	VHN-121914	Trust: 0.1
db:	VULMON	id:	CVE-2018-11999	Trust: 0.1

sources: VULHUB: VHN-121914 // VULMON: CVE-2018-11999 // BID: 106128 // JVNDB: JVNDB-2018-013788 // CNNVD: CNNVD-201812-426 // NVD: CVE-2018-11999

REFERENCES

url:	http://www.securityfocus.com/bid/106128	Trust: 2.5
url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.8
url:	https://source.android.com/security/bulletin/2018-12-01.html	Trust: 1.0
url:	http://code.google.com/android/	Trust: 0.9
url:	http://www.qualcomm.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11999	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11999	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-121914 // VULMON: CVE-2018-11999 // BID: 106128 // JVNDB: JVNDB-2018-013788 // CNNVD: CNNVD-201812-426 // NVD: CVE-2018-11999

CREDITS

The vendor reported these issues.

Trust: 0.9

sources: BID: 106128 // CNNVD: CNNVD-201812-426

SOURCES

db:	VULHUB	id:	VHN-121914
db:	VULMON	id:	CVE-2018-11999
db:	BID	id:	106128
db:	JVNDB	id:	JVNDB-2018-013788
db:	CNNVD	id:	CNNVD-201812-426
db:	NVD	id:	CVE-2018-11999

LAST UPDATE DATE

2024-11-23T19:43:12.855000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121914	date:	2019-01-24T00:00:00
db:	VULMON	id:	CVE-2018-11999	date:	2019-01-24T00:00:00
db:	BID	id:	106128	date:	2018-12-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013788	date:	2019-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201812-426	date:	2019-04-16T00:00:00
db:	NVD	id:	CVE-2018-11999	date:	2024-11-21T03:44:23.583

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121914	date:	2019-01-18T00:00:00
db:	VULMON	id:	CVE-2018-11999	date:	2019-01-18T00:00:00
db:	BID	id:	106128	date:	2018-12-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013788	date:	2019-03-01T00:00:00
db:	CNNVD	id:	CNNVD-201812-426	date:	2018-12-11T00:00:00
db:	NVD	id:	CVE-2018-11999	date:	2019-01-18T22:29:00.597