ID
VAR-201905-0773
CVE
CVE-2018-13899
TITLE
plural Snapdragon Vulnerability in using freed memory in products
Trust: 0.8
DESCRIPTION
Processing messages after error may result in user after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150. plural Snapdragon The product contains a vulnerability related to the use of released memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. Video Driver is one of the video drivers. A resource management error vulnerability exists in the Video Driver in several Qualcomm products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 429 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx20 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx24 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qm215 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 712 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 675 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 855 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sm7150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9150 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qcs605 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | qm215 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 425 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 429 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | sd 439 | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-416 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
resource management error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | April 2019 Code Aurora Security Bulletin | url: | https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin | Trust: 0.8 |
| title: | Android Qualcomm Video Fixes for component security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89797 | Trust: 0.6 |
| title: | Android Security Bulletins: Android Security Bulletin — March 2019 | url: | https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=e9cddeba5732c8294d7cd6c4b6f1170b | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-13899 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2018-015524 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201903-127 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-124004 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2018-13899 | Trust: 0.1 |
REFERENCES
| url: | https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-13899 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13899 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2019-28664 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/416.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://source.android.com/security/bulletin/2019-03-01.html | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-124004 |
| db: | VULMON | id: | CVE-2018-13899 |
| db: | JVNDB | id: | JVNDB-2018-015524 |
| db: | CNNVD | id: | CNNVD-201903-127 |
| db: | NVD | id: | CVE-2018-13899 |
LAST UPDATE DATE
2024-08-14T14:56:51.100000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-124004 | date: | 2019-05-29T00:00:00 |
| db: | VULMON | id: | CVE-2018-13899 | date: | 2019-05-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015524 | date: | 2019-06-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-127 | date: | 2019-05-30T00:00:00 |
| db: | NVD | id: | CVE-2018-13899 | date: | 2019-05-29T19:33:08.740 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-124004 | date: | 2019-05-24T00:00:00 |
| db: | VULMON | id: | CVE-2018-13899 | date: | 2019-05-24T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015524 | date: | 2019-06-11T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-127 | date: | 2019-03-05T00:00:00 |
| db: | NVD | id: | CVE-2018-13899 | date: | 2019-05-24T17:29:01.977 |