Sign-up

ID

VAR-201901-1324


CVE

CVE-2018-5869


TITLE

snapdragon mobile and snapdragon wear Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013784

DESCRIPTION

Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810. snapdragon mobile and snapdragon wear Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-78135902, A-66913713, A-67712316, A-79419833, A-109678200, A-78283451, A-78285196, A-78284194, A-78284753, A-78284517, A-78240177, A-78239686, A-78284545, A-109660689, A-78240324, A-68141338, A-78286046, A-73539037, A-73539235, A-71501115, A-33757308, A-74236942, A-77485184, A-77484529, A-33385206, A-79419639, A-79420511, A-109678338, and A-112279564. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. TrustZone is one of the system security components. An input validation vulnerability exists in TrustZone in several Qualcomm products

Trust: 2.07

sources: NVD: CVE-2018-5869 // JVNDB: JVNDB-2018-013784 // BID: 106128 // VULHUB: VHN-135901 // VULMON: CVE-2018-5869

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 800scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 410scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 412scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexus playerscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 106128 // JVNDB: JVNDB-2018-013784 // NVD: CVE-2018-5869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5869
value: HIGH

Trust: 1.0

NVD: CVE-2018-5869
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-429
value: HIGH

Trust: 0.6

VULHUB: VHN-135901
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5869
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5869
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-135901
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5869
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135901 // VULMON: CVE-2018-5869 // JVNDB: JVNDB-2018-013784 // CNNVD: CNNVD-201812-429 // NVD: CVE-2018-5869

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-135901 // JVNDB: JVNDB-2018-013784 // NVD: CVE-2018-5869

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-429

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201812-429

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013784

PATCH
title:December 2018 Qualcomm Technologies, Inc. Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins
Trust: 0.8
title:Multiple Qualcomm Fixes for product input validation vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87677
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—December 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=90af33430b981dd4da141cb90e5f3889
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5869 // 
            
            
            
            JVNDB: JVNDB-2018-013784 // 
            
            
            
            CNNVD: CNNVD-201812-429

EXTERNAL IDS
db:NVDid:CVE-2018-5869
Trust: 2.9
db:BIDid:106128
Trust: 2.1
db:JVNDBid:JVNDB-2018-013784
Trust: 0.8
db:CNNVDid:CNNVD-201812-429
Trust: 0.7
db:VULHUBid:VHN-135901
Trust: 0.1
db:VULMONid:CVE-2018-5869
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135901 // 
            
            
            
            VULMON: CVE-2018-5869 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2018-013784 // 
            
            
            
            CNNVD: CNNVD-201812-429 // 
            
            
            
            NVD: CVE-2018-5869

REFERENCES
url:http://www.securityfocus.com/bid/106128
Trust: 2.5
url:https://www.qualcomm.com/company/product-security/bulletins
Trust: 1.8
url:https://source.android.com/security/bulletin/2018-12-01.html
Trust: 1.0
url:http://code.google.com/android/
Trust: 0.9
url:http://www.qualcomm.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5869
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5869
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135901 // 
            
            
            
            VULMON: CVE-2018-5869 // 
            
            
            
            BID: 106128 // 
            
            
            
            JVNDB: JVNDB-2018-013784 // 
            
            
            
            CNNVD: CNNVD-201812-429 // 
            
            
            
            NVD: CVE-2018-5869

CREDITS
The vendor reported these issues.
Trust: 0.9
sources:
            
            
            BID: 106128 // 
            
            
            
            CNNVD: CNNVD-201812-429

SOURCES
db:VULHUBid:VHN-135901
db:VULMONid:CVE-2018-5869
db:BIDid:106128
db:JVNDBid:JVNDB-2018-013784
db:CNNVDid:CNNVD-201812-429
db:NVDid:CVE-2018-5869

LAST UPDATE DATE
2024-11-23T20:59:07.640000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-135901date:2019-01-24T00:00:00
db:VULMONid:CVE-2018-5869date:2019-01-24T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2018-013784date:2019-03-01T00:00:00
db:CNNVDid:CNNVD-201812-429date:2019-04-16T00:00:00
db:NVDid:CVE-2018-5869date:2024-11-21T04:09:34.917

SOURCES RELEASE DATE
db:VULHUBid:VHN-135901date:2019-01-18T00:00:00
db:VULMONid:CVE-2018-5869date:2019-01-18T00:00:00
db:BIDid:106128date:2018-12-03T00:00:00
db:JVNDBid:JVNDB-2018-013784date:2019-03-01T00:00:00
db:CNNVDid:CNNVD-201812-429date:2018-12-11T00:00:00
db:NVDid:CVE-2018-5869date:2019-01-18T22:29:00.787