Sign-up

ID

VAR-201902-0498


CVE

CVE-2018-13912


TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014644

DESCRIPTION

Arbitrary write issue can occur when user provides kernel address in compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a buffer error vulnerability.Information may be tampered with

Trust: 1.62

sources: NVD: CVE-2018-13912 // JVNDB: JVNDB-2018-014644

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon voice \& musicscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon industrial internet of thingsscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon connectivityscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon autoscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon consumer internet of thingsscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon autoscope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon connectivityscope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon consumer iotscope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon industrial iotscope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon mobilescope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon voice & musicscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-014644 // NVD: CVE-2018-13912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13912
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13912
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-923
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-13912
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-13912
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-014644 // CNNVD: CNNVD-201902-923 // NVD: CVE-2018-13912

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2018-014644 // NVD: CVE-2018-13912

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-923

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201902-923

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014644

PATCH
title:February 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin
Trust: 0.8
title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89645
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014644 // 
            
            
            
            CNNVD: CNNVD-201902-923

EXTERNAL IDS
db:NVDid:CVE-2018-13912
Trust: 2.4
db:JVNDBid:JVNDB-2018-014644
Trust: 0.8
db:CNNVDid:CNNVD-201902-923
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014644 // 
            
            
            
            CNNVD: CNNVD-201902-923 // 
            
            
            
            NVD: CVE-2018-13912

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-13912
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13912
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014644 // 
            
            
            
            CNNVD: CNNVD-201902-923 // 
            
            
            
            NVD: CVE-2018-13912

SOURCES
db:JVNDBid:JVNDB-2018-014644
db:CNNVDid:CNNVD-201902-923
db:NVDid:CVE-2018-13912

LAST UPDATE DATE
2024-11-23T22:41:36.484000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2018-014644date:2019-04-01T00:00:00
db:CNNVDid:CNNVD-201902-923date:2019-09-05T00:00:00
db:NVDid:CVE-2018-13912date:2024-11-21T03:48:19.507

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2018-014644date:2019-04-01T00:00:00
db:CNNVDid:CNNVD-201902-923date:2019-02-25T00:00:00
db:NVDid:CVE-2018-13912date:2019-02-25T22:29:02.807