Sign-up

ID

VAR-201901-0779


CVE

CVE-2018-11288


TITLE

plural snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-013844

DESCRIPTION

Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130. snapdragon automobile , snapdragon mobile , snapdragon wear Contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-68326803, A-62213176, A-73539234, A-72950814, A-77484228, A-111090697, A-68326811, A-78240387, A-78239234, A-68326819, A-71501117, A-72950958, A-74236425, A-77484229, A-79419793, A-109677940, A-109677982, A-109677964, A-109678202, A-109678380, A-111091377, A-111090533, A-111093202, A-111090698, A-111093021, and A-111093167. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). The Qualcomm MDM9206 is a central processing unit (CPU). SDX24 is a modem. A security vulnerability exists in the Core in several Qualcomm snapdragon products

Trust: 2.07

sources: NVD: CVE-2018-11288 // JVNDB: JVNDB-2018-013844 // BID: 106494 // VULHUB: VHN-121132 // VULMON: CVE-2018-11288

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9655scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 410scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 412scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 106494 // JVNDB: JVNDB-2018-013844 // NVD: CVE-2018-11288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11288
value: HIGH

Trust: 1.0

NVD: CVE-2018-11288
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-754
value: HIGH

Trust: 0.6

VULHUB: VHN-121132
value: HIGH

Trust: 0.1

VULMON: CVE-2018-11288
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11288
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-121132
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11288
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121132 // VULMON: CVE-2018-11288 // JVNDB: JVNDB-2018-013844 // CNNVD: CNNVD-201901-754 // NVD: CVE-2018-11288

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.9

sources: VULHUB: VHN-121132 // JVNDB: JVNDB-2018-013844 // NVD: CVE-2018-11288

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-754

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201901-754

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013844

PATCH
title:December 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm snapdragon Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88856
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—September 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=25cebb27b25b2e242f56769472d26cc5
Trust: 0.1
title:SamsungReleaseNotesurl:https://github.com/samreleasenotes/SamsungReleaseNotes 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-11288 // 
            
            
            
            JVNDB: JVNDB-2018-013844 // 
            
            
            
            CNNVD: CNNVD-201901-754

EXTERNAL IDS
db:NVDid:CVE-2018-11288
Trust: 2.9
db:JVNDBid:JVNDB-2018-013844
Trust: 0.8
db:CNNVDid:CNNVD-201901-754
Trust: 0.7
db:BIDid:106494
Trust: 0.3
db:VULHUBid:VHN-121132
Trust: 0.1
db:VULMONid:CVE-2018-11288
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121132 // 
            
            
            
            VULMON: CVE-2018-11288 // 
            
            
            
            BID: 106494 // 
            
            
            
            JVNDB: JVNDB-2018-013844 // 
            
            
            
            CNNVD: CNNVD-201901-754 // 
            
            
            
            NVD: CVE-2018-11288

REFERENCES
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11288
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11288
Trust: 0.8
url:https://source.android.com/security/bulletin/2018-09-01.html
Trust: 0.4
url:http://code.google.com/android/
Trust: 0.3
url:http://www.qualcomm.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/129.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/samreleasenotes/samsungreleasenotes
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121132 // 
            
            
            
            VULMON: CVE-2018-11288 // 
            
            
            
            BID: 106494 // 
            
            
            
            JVNDB: JVNDB-2018-013844 // 
            
            
            
            CNNVD: CNNVD-201901-754 // 
            
            
            
            NVD: CVE-2018-11288

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 106494

SOURCES
db:VULHUBid:VHN-121132
db:VULMONid:CVE-2018-11288
db:BIDid:106494
db:JVNDBid:JVNDB-2018-013844
db:CNNVDid:CNNVD-201901-754
db:NVDid:CVE-2018-11288

LAST UPDATE DATE
2024-11-23T21:52:41.739000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121132date:2019-01-25T00:00:00
db:VULMONid:CVE-2018-11288date:2019-01-25T00:00:00
db:BIDid:106494date:2018-09-04T00:00:00
db:JVNDBid:JVNDB-2018-013844date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201901-754date:2019-04-01T00:00:00
db:NVDid:CVE-2018-11288date:2024-11-21T03:43:04.150

SOURCES RELEASE DATE
db:VULHUBid:VHN-121132date:2019-01-18T00:00:00
db:VULMONid:CVE-2018-11288date:2019-01-18T00:00:00
db:BIDid:106494date:2018-09-04T00:00:00
db:JVNDBid:JVNDB-2018-013844date:2019-03-04T00:00:00
db:CNNVDid:CNNVD-201901-754date:2019-01-21T00:00:00
db:NVDid:CVE-2018-11288date:2019-01-18T22:29:00.490