Details of VAR-201906-0811

ID

VAR-201906-0811

CVE

CVE-2018-11942

TITLE

plural Snapdragon Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015660

DESCRIPTION

Failure to initialize the reserved memory which is sent to the firmware might lead to exposure of 1 byte of uninitialized kernel SKB memory to FW in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains an information disclosure vulnerability.Information may be obtained. Qualcomm MDM9206 and others are products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. WLAN is one of the wireless local area network components. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. The following products and versions are affected: Qualcomm IPQ4019; IPQ8064; IPQ8074; MDM9150; MDM9206; MDM9607; MDM9640; MDM9650; SD 675; SD 712; SD 710; SD 670; SD 730; SD 820A; SD 835; SD 845; SD 850; SD 855; SDA660;

Trust: 1.71

sources: NVD: CVE-2018-11942 // JVNDB: JVNDB-2018-015660 // VULHUB: VHN-121852

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 820a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qcs405	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-015660 // NVD: CVE-2018-11942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11942
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-11942
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201906-607
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-121852
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-11942
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-121852
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11942
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121852 // JVNDB: JVNDB-2018-015660 // CNNVD: CNNVD-201906-607 // NVD: CVE-2018-11942

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-121852 // JVNDB: JVNDB-2018-015660 // NVD: CVE-2018-11942

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-607

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201906-607

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015660

PATCH

title:	May 2019 Code Aurora Security Bulletin (CVE-2018-11942)	url:	https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin	Trust: 0.8
title:	Multiple Qualcomm product WLAN Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93824	Trust: 0.6

sources: JVNDB: JVNDB-2018-015660 // CNNVD: CNNVD-201906-607

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11942	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-015660	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-607	Trust: 0.7
db:	VULHUB	id:	VHN-121852	Trust: 0.1

sources: VULHUB: VHN-121852 // JVNDB: JVNDB-2018-015660 // CNNVD: CNNVD-201906-607 // NVD: CVE-2018-11942

REFERENCES

url:	https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11942	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11942	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-os-multiple-vulnerabilities-30243	Trust: 0.6

sources: VULHUB: VHN-121852 // JVNDB: JVNDB-2018-015660 // CNNVD: CNNVD-201906-607 // NVD: CVE-2018-11942

SOURCES

db:	VULHUB	id:	VHN-121852
db:	JVNDB	id:	JVNDB-2018-015660
db:	CNNVD	id:	CNNVD-201906-607
db:	NVD	id:	CVE-2018-11942

LAST UPDATE DATE

2024-11-23T22:44:58.335000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121852	date:	2019-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-015660	date:	2019-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201906-607	date:	2019-09-05T00:00:00
db:	NVD	id:	CVE-2018-11942	date:	2024-11-21T03:44:17.883

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121852	date:	2019-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-015660	date:	2019-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201906-607	date:	2019-06-14T00:00:00
db:	NVD	id:	CVE-2018-11942	date:	2019-06-14T17:29:00.470