Sign-up

ID

VAR-201906-0810


CVE

CVE-2018-11939


TITLE

plural Snapdragon Vulnerability in using freed memory in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015636

DESCRIPTION

Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCA6574AU, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SDX20. plural Snapdragon The product contains a vulnerability related to the use of released memory.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. QualcommMDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The SDX20 is a modem. A resource management error vulnerability exists in the WLAN features in several Qualcomm products. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. There are currently no detailed details of the vulnerability provided. The following products and versions are affected: Qualcomm MDM9150; MDM9206; MDM9607; MDM9640; MDM9650; MSM8909W; QCA6574AU; SD 210; SD 212; SD 205; SDX20

Trust: 2.25

sources: NVD: CVE-2018-11939 // JVNDB: JVNDB-2018-015636 // CNVD: CNVD-2019-18594 // VULHUB: VHN-121848

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-18594

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9607scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9206scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9650scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9640scope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9150scope: - version: -

Trust: 1.4

vendor:qualcommmodel:qca6574auscope: - version: -

Trust: 1.4

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sdscope:eqversion:210

Trust: 0.6

vendor:qualcommmodel:sdscope:eqversion:212

Trust: 0.6

sources: CNVD: CNVD-2019-18594 // JVNDB: JVNDB-2018-015636 // NVD: CVE-2018-11939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11939
value: HIGH

Trust: 1.0

NVD: CVE-2018-11939
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-18594
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-605
value: HIGH

Trust: 0.6

VULHUB: VHN-121848
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11939
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-18594
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-121848
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11939
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-18594 // VULHUB: VHN-121848 // JVNDB: JVNDB-2018-015636 // CNNVD: CNNVD-201906-605 // NVD: CVE-2018-11939

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-121848 // JVNDB: JVNDB-2018-015636 // NVD: CVE-2018-11939

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-605

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201906-605

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015636

PATCH
title:May 2019 Code Aurora Security Bulletinurl:https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin
Trust: 0.8
title:Patches for several Qualcomm Product Resource Management Error Vulnerabilities (CNVD-2019-18594)url:https://www.cnvd.org.cn/patchInfo/show/164009
Trust: 0.6
title:Multiple Qualcomm Product resource management error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93822
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-18594 // 
            
            
            
            JVNDB: JVNDB-2018-015636 // 
            
            
            
            CNNVD: CNNVD-201906-605

EXTERNAL IDS
db:NVDid:CVE-2018-11939
Trust: 3.1
db:JVNDBid:JVNDB-2018-015636
Trust: 0.8
db:CNNVDid:CNNVD-201906-605
Trust: 0.7
db:CNVDid:CNVD-2019-18594
Trust: 0.6
db:VULHUBid:VHN-121848
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-18594 // 
            
            
            
            VULHUB: VHN-121848 // 
            
            
            
            JVNDB: JVNDB-2018-015636 // 
            
            
            
            CNNVD: CNNVD-201906-605 // 
            
            
            
            NVD: CVE-2018-11939

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-11939
Trust: 2.0
url:https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11939
Trust: 0.8
url:https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-18594 // 
            
            
            
            VULHUB: VHN-121848 // 
            
            
            
            JVNDB: JVNDB-2018-015636 // 
            
            
            
            CNNVD: CNNVD-201906-605 // 
            
            
            
            NVD: CVE-2018-11939

SOURCES
db:CNVDid:CNVD-2019-18594
db:VULHUBid:VHN-121848
db:JVNDBid:JVNDB-2018-015636
db:CNNVDid:CNNVD-201906-605
db:NVDid:CVE-2018-11939

LAST UPDATE DATE
2024-11-23T22:06:10.126000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-18594date:2019-06-19T00:00:00
db:VULHUBid:VHN-121848date:2019-06-17T00:00:00
db:JVNDBid:JVNDB-2018-015636date:2019-06-21T00:00:00
db:CNNVDid:CNNVD-201906-605date:2019-09-05T00:00:00
db:NVDid:CVE-2018-11939date:2024-11-21T03:44:17.590

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-18594date:2019-06-19T00:00:00
db:VULHUBid:VHN-121848date:2019-06-14T00:00:00
db:JVNDBid:JVNDB-2018-015636date:2019-06-21T00:00:00
db:CNNVDid:CNNVD-201906-605date:2019-06-14T00:00:00
db:NVDid:CVE-2018-11939date:2019-06-14T17:29:00.423