Sign-up

ID

VAR-201902-0499


CVE

CVE-2018-13913


TITLE

plural Snapdragon Vulnerability related to array index verification in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014643

DESCRIPTION

Improper validation of array index can lead to unauthorized access while processing debugFS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QualcommMDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The SDX24 is a modem. The SD425 is a central processing unit (CPU) product. An unauthorized access vulnerability exists in Display in several Qualcomm products due to a program failing to properly validate an array index that an attacker could use to gain unauthorized access

Trust: 2.16

sources: NVD: CVE-2018-13913 // JVNDB: JVNDB-2018-014643 // CNVD: CNVD-2019-05662

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-05662

AFFECTED PRODUCTS

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 1.4

vendor:qualcommmodel:sdm439scope: - version: -

Trust: 1.2

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon mobilescope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon autoscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon consumer internet of thingsscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon internet of thingsscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 712scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon voice \& musicscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon industrial internet of thingsscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:snapdragon autoscope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon consumer iotscope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon industrial iotscope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon iotscope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon mobilescope: - version: -

Trust: 0.8

vendor:qualcommmodel:snapdragon voice & musicscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdscope:eqversion:210

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:212

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:205

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:845

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:850

Trust: 0.6

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.6

vendor:qualcommmodel:msm8996auscope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx20scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:425

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:615/16

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:415

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:625

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:650/52

Trust: 0.6

vendor:qualcommmodel:sd 820ascope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:835

Trust: 0.6

vendor:qualcommmodel:sdm630scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdm660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sda660scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdx24scope: - version: -

Trust: 0.6

vendor:qualcommmodel:qcs605scope: - version: -

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:439

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:429

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:636

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:712

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:710

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:670

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:855

Trust: 0.6

sources: CNVD: CNVD-2019-05662 // JVNDB: JVNDB-2018-014643 // NVD: CVE-2018-13913

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13913
value: HIGH

Trust: 1.0

NVD: CVE-2018-13913
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-05662
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201902-922
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-13913
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-05662
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-13913
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-05662 // JVNDB: JVNDB-2018-014643 // CNNVD: CNNVD-201902-922 // NVD: CVE-2018-13913

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.8

sources: JVNDB: JVNDB-2018-014643 // NVD: CVE-2018-13913

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-922

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201902-922

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014643

PATCH
title:February 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin
Trust: 0.8
title:Patches for unauthorized access to multiple Qualcomm productsurl:https://www.cnvd.org.cn/patchInfo/show/154815
Trust: 0.6
title:Multiple Qualcomm Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89644
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-05662 // 
            
            
            
            JVNDB: JVNDB-2018-014643 // 
            
            
            
            CNNVD: CNNVD-201902-922

EXTERNAL IDS
db:NVDid:CVE-2018-13913
Trust: 3.0
db:JVNDBid:JVNDB-2018-014643
Trust: 0.8
db:CNVDid:CNVD-2019-05662
Trust: 0.6
db:CNNVDid:CNNVD-201902-922
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-05662 // 
            
            
            
            JVNDB: JVNDB-2018-014643 // 
            
            
            
            CNNVD: CNNVD-201902-922 // 
            
            
            
            NVD: CVE-2018-13913

REFERENCES
url:https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2018-13913
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13913
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-05662 // 
            
            
            
            JVNDB: JVNDB-2018-014643 // 
            
            
            
            CNNVD: CNNVD-201902-922 // 
            
            
            
            NVD: CVE-2018-13913

SOURCES
db:CNVDid:CNVD-2019-05662
db:JVNDBid:JVNDB-2018-014643
db:CNNVDid:CNNVD-201902-922
db:NVDid:CVE-2018-13913

LAST UPDATE DATE
2024-11-23T22:30:08.481000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-05662date:2019-02-28T00:00:00
db:JVNDBid:JVNDB-2018-014643date:2019-04-01T00:00:00
db:CNNVDid:CNNVD-201902-922date:2019-09-05T00:00:00
db:NVDid:CVE-2018-13913date:2024-11-21T03:48:19.663

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-05662date:2019-02-28T00:00:00
db:JVNDBid:JVNDB-2018-014643date:2019-04-01T00:00:00
db:CNNVDid:CNNVD-201902-922date:2019-02-25T00:00:00
db:NVDid:CVE-2018-13913date:2019-02-25T22:29:02.837