ID
VAR-201904-0543
CVE
CVE-2018-11971
TITLE
plural Snapdragon Information disclosure vulnerability in products
Trust: 0.8
DESCRIPTION
Interrupt exit code flow may undermine access control policy set forth by secure world can lead to potential secure asset leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130. plural Snapdragon The product contains an information disclosure vulnerability.Information may be obtained. QualcommMDM9607 and others are a central processing unit (CPU) product of Qualcomm. There are information disclosure vulnerabilities in TrustZone in several Qualcomm products. An attacker could exploit the vulnerability to disclose information. The following products are affected: Qualcomm MDM9206; MDM9607; MDM9650; MDM9655; QCS605; SD 410/12; SD 615/16; SD 415; SD 636; SD 712; SD 710; SDA660; SDM630; SDM660; SXR1130
Trust: 2.34
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9655 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | qcs605 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | sd 8cx | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 415 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9655 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 616 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sxr1130 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 412 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 712 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 410 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 412 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 415 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 615 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 616 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 850 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 615/16 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 415 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 410/12 | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm630 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sdm660 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 845 | Trust: 0.6 |
| vendor: | qualcomm | model: | sda660 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sxr1130 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd 8cx | scope: | - | version: | - | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 636 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 712 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 710 | Trust: 0.6 |
| vendor: | qualcomm | model: | sd | scope: | eq | version: | 670 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | March 2019 Qualcomm Technologies, Inc. Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 0.8 |
| title: | Patches for multiple Qualcomm Product Information Disclosure Vulnerabilities (CNVD-2019-08980) | url: | https://www.cnvd.org.cn/patchInfo/show/158075 | Trust: 0.6 |
| title: | Multiple Qualcomm Product information disclosure vulnerability repair measures | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89799 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin — March 2019 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=e9cddeba5732c8294d7cd6c4b6f1170b | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-11971 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2018-015200 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201903-129 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-08980 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-121884 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2018-11971 | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-11971 | Trust: 1.4 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2019-28664 | Trust: 1.2 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11971 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/200.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://source.android.com/security/bulletin/2019-03-01.html | Trust: 0.1 |
SOURCES
| db: | CNVD | id: | CNVD-2019-08980 |
| db: | VULHUB | id: | VHN-121884 |
| db: | VULMON | id: | CVE-2018-11971 |
| db: | JVNDB | id: | JVNDB-2018-015200 |
| db: | CNNVD | id: | CNNVD-201903-129 |
| db: | NVD | id: | CVE-2018-11971 |
LAST UPDATE DATE
2024-11-23T22:17:05.596000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-08980 | date: | 2019-04-03T00:00:00 |
| db: | VULHUB | id: | VHN-121884 | date: | 2019-04-07T00:00:00 |
| db: | VULMON | id: | CVE-2018-11971 | date: | 2019-04-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015200 | date: | 2019-05-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-129 | date: | 2019-04-09T00:00:00 |
| db: | NVD | id: | CVE-2018-11971 | date: | 2024-11-21T03:44:21.307 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-08980 | date: | 2019-04-03T00:00:00 |
| db: | VULHUB | id: | VHN-121884 | date: | 2019-04-04T00:00:00 |
| db: | VULMON | id: | CVE-2018-11971 | date: | 2019-04-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015200 | date: | 2019-05-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-129 | date: | 2019-03-05T00:00:00 |
| db: | NVD | id: | CVE-2018-11971 | date: | 2019-04-04T15:29:00.767 |