Details of VAR-201906-0734

ID

VAR-201906-0734

CVE

CVE-2018-11955

TITLE

plural Snapdragon Product out-of-bounds vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015663

DESCRIPTION

Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and results in out of bound read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition. These issues are being tracked by Android Bug IDs A-78528839, A-120486022. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product. A buffer error vulnerability exists in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 2.07

sources: NVD: CVE-2018-11955 // JVNDB: JVNDB-2018-015663 // BID: 108296 // VULHUB: VHN-121866 // VULMON: CVE-2018-11955

AFFECTED PRODUCTS

vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 616	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 415	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 652	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 600	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8909w	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6174a	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6574au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9377	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 108296 // JVNDB: JVNDB-2018-015663 // NVD: CVE-2018-11955

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11955
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-11955
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201905-190
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-121866
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-11955
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-11955
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-121866
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11955
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121866 // VULMON: CVE-2018-11955 // JVNDB: JVNDB-2018-015663 // CNNVD: CNNVD-201905-190 // NVD: CVE-2018-11955

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-121866 // JVNDB: JVNDB-2018-015663 // NVD: CVE-2018-11955

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-190

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-190

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015663

PATCH

title:	June 2019 Code Aurora Security Bulletin (CVE-2018-11955)	url:	https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin#_CVE-2018-11955	Trust: 0.8
title:	Android Qualcomm WLAN Driver security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92334	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/	Trust: 0.1

sources: VULMON: CVE-2018-11955 // JVNDB: JVNDB-2018-015663 // CNNVD: CNNVD-201905-190

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11955	Trust: 2.9
db:	BID	id:	108296	Trust: 1.0
db:	JVNDB	id:	JVNDB-2018-015663	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-190	Trust: 0.7
db:	VULHUB	id:	VHN-121866	Trust: 0.1
db:	VULMON	id:	CVE-2018-11955	Trust: 0.1

sources: VULHUB: VHN-121866 // VULMON: CVE-2018-11955 // BID: 108296 // JVNDB: JVNDB-2018-015663 // CNNVD: CNNVD-201905-190 // NVD: CVE-2018-11955

REFERENCES

url:	https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin	Trust: 2.7
url:	https://www.codeaurora.org/security-bulletin/2019/06/03/june-2019-code-aurora-security-bulletin#_cve-2018-11955	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11955	Trust: 1.4
url:	http://code.google.com/android/	Trust: 0.9
url:	https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2df8cec1c3ee66d82313e67c2f3129e62296a4de	Trust: 0.9
url:	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ee4f1ec45cc6bd7da0a4b111d772a4058e1df152	Trust: 0.9
url:	http://www.qualcomm.com/	Trust: 0.9
url:	https://source.android.com/security/bulletin/2019-05-01	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11955	Trust: 0.8
url:	https://www.securityfocus.com/bid/108296	Trust: 0.7
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-may-2019-29239	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/google-critical-remote-code-execution-flaws-android/144497/	Trust: 0.1

sources: VULHUB: VHN-121866 // VULMON: CVE-2018-11955 // BID: 108296 // JVNDB: JVNDB-2018-015663 // CNNVD: CNNVD-201905-190 // NVD: CVE-2018-11955

CREDITS

Pengfei Ding of Huawei and Google.

Trust: 0.9

sources: BID: 108296 // CNNVD: CNNVD-201905-190

SOURCES

db:	VULHUB	id:	VHN-121866
db:	VULMON	id:	CVE-2018-11955
db:	BID	id:	108296
db:	JVNDB	id:	JVNDB-2018-015663
db:	CNNVD	id:	CNNVD-201905-190
db:	NVD	id:	CVE-2018-11955

LAST UPDATE DATE

2024-11-23T21:52:10.651000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121866	date:	2019-06-18T00:00:00
db:	VULMON	id:	CVE-2018-11955	date:	2019-06-18T00:00:00
db:	BID	id:	108296	date:	2019-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-015663	date:	2019-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201905-190	date:	2019-06-19T00:00:00
db:	NVD	id:	CVE-2018-11955	date:	2024-11-21T03:44:19.343

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121866	date:	2019-06-14T00:00:00
db:	VULMON	id:	CVE-2018-11955	date:	2019-06-14T00:00:00
db:	BID	id:	108296	date:	2019-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-015663	date:	2019-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201905-190	date:	2019-05-07T00:00:00
db:	NVD	id:	CVE-2018-11955	date:	2019-06-14T17:29:00.580