Details of VAR-201904-0544

ID

VAR-201904-0544

CVE

CVE-2018-13918

TITLE

plural Snapdragon Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015208

DESCRIPTION

kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDX24, SM7150. plural Snapdragon The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. SDX24 is a modem. SD 425 is a central processing unit (CPU) product. A buffer overflow vulnerability exists in the PMIC Modules of several Qualcomm products. The vulnerability is caused by the fact that the length of the received message returned by the kernel is longer than expected. An attacker could exploit this vulnerability to execute code or cause a denial of service

Trust: 1.8

sources: NVD: CVE-2018-13918 // JVNDB: JVNDB-2018-015208 // VULHUB: VHN-124025 // VULMON: CVE-2018-13918

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sd 632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs605	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	215	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 429	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 439	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-015208 // NVD: CVE-2018-13918

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13918
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-13918
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201903-124
value:	HIGH
Trust: 0.6
VULHUB:	VHN-124025
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-13918
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-13918
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-124025
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-13918
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-124025 // VULMON: CVE-2018-13918 // JVNDB: JVNDB-2018-015208 // CNNVD: CNNVD-201903-124 // NVD: CVE-2018-13918

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-124025 // JVNDB: JVNDB-2018-015208 // NVD: CVE-2018-13918

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-124

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-124

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015208

PATCH

title:	March 2019 Qualcomm Technologies, Inc. Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 0.8
title:	Multiple Qualcomm Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89794	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin — March 2019	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=e9cddeba5732c8294d7cd6c4b6f1170b	Trust: 0.1

sources: VULMON: CVE-2018-13918 // JVNDB: JVNDB-2018-015208 // CNNVD: CNNVD-201903-124

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13918	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-015208	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-124	Trust: 0.7
db:	VULHUB	id:	VHN-124025	Trust: 0.1
db:	VULMON	id:	CVE-2018-13918	Trust: 0.1

sources: VULHUB: VHN-124025 // VULMON: CVE-2018-13918 // JVNDB: JVNDB-2018-015208 // CNNVD: CNNVD-201903-124 // NVD: CVE-2018-13918

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13918	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13918	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2019-28664	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://source.android.com/security/bulletin/2019-03-01.html	Trust: 0.1

sources: VULHUB: VHN-124025 // VULMON: CVE-2018-13918 // JVNDB: JVNDB-2018-015208 // CNNVD: CNNVD-201903-124 // NVD: CVE-2018-13918

SOURCES

db:	VULHUB	id:	VHN-124025
db:	VULMON	id:	CVE-2018-13918
db:	JVNDB	id:	JVNDB-2018-015208
db:	CNNVD	id:	CNNVD-201903-124
db:	NVD	id:	CVE-2018-13918

LAST UPDATE DATE

2024-11-23T22:51:50.465000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-124025	date:	2019-05-29T00:00:00
db:	VULMON	id:	CVE-2018-13918	date:	2019-05-29T00:00:00
db:	JVNDB	id:	JVNDB-2018-015208	date:	2019-05-13T00:00:00
db:	CNNVD	id:	CNNVD-201903-124	date:	2019-05-30T00:00:00
db:	NVD	id:	CVE-2018-13918	date:	2024-11-21T03:48:20.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-124025	date:	2019-04-04T00:00:00
db:	VULMON	id:	CVE-2018-13918	date:	2019-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-015208	date:	2019-05-13T00:00:00
db:	CNNVD	id:	CNNVD-201903-124	date:	2019-03-05T00:00:00
db:	NVD	id:	CVE-2018-13918	date:	2019-04-04T15:29:00.923