ID
VAR-201906-0812
CVE
CVE-2018-11934
TITLE
plural Snapdragon Vulnerability related to out-of-bounds writing in products
Trust: 0.8
DESCRIPTION
Possible out of bounds write due to improper input validation while processing DO_ACS vendor command in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and other products are products of Qualcomm. The MDM9206 is a central processing unit (CPU) product. The MDM9607 is a central processing unit (CPU) product. The MDM9640 is a central processing unit (CPU) product. WLAN is one of the wireless LAN components. A buffer overflow vulnerability exists in WLANs in several Qualcomm products. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. The following products and versions are affected: Qualcomm MDM9150; MDM9206; MDM9607; MDM9640; MDM9650; MSM8996AU; QCA6174A; QCA6574AU; QCA9377; QCA9379; SD 450; SD 625; SD 636; SD 712; SD 710; SD 670; SD 820A; SD 845; SD 850; SD 855; SDA660;
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | msm8996au | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9640 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | mdm9150 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | qca6174a | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | qca6574au | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | qca9377 | scope: | - | version: | - | Trust: 1.4 |
| vendor: | qualcomm | model: | qca9379 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx24 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 205 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 427 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 212 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sda660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 425 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 820a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca9377 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 850 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm630 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca6574au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca6174a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9640 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 670 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx20 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 435 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 855 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 430 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 210 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 712 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sd 625 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca9379 | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-787 | Trust: 1.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
buffer error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | May 2019 Code Aurora Security Bulletin | url: | https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin | Trust: 0.8 |
| title: | Patch for multiple Qualcomm products WLAN buffer overflow vulnerability (CNVD-2019-18598) | url: | https://www.cnvd.org.cn/patchInfo/show/163919 | Trust: 0.6 |
| title: | Multiple Qualcomm product WLAN Buffer error vulnerability fix | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93825 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-11934 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2018-015635 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201906-608 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2019-18598 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-121843 | Trust: 0.1 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-11934 | Trust: 2.0 |
| url: | https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11934 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2019-18598 |
| db: | VULHUB | id: | VHN-121843 |
| db: | JVNDB | id: | JVNDB-2018-015635 |
| db: | CNNVD | id: | CNNVD-201906-608 |
| db: | NVD | id: | CVE-2018-11934 |
LAST UPDATE DATE
2024-11-23T22:55:31.771000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-18598 | date: | 2019-06-19T00:00:00 |
| db: | VULHUB | id: | VHN-121843 | date: | 2019-06-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015635 | date: | 2019-06-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-201906-608 | date: | 2019-06-18T00:00:00 |
| db: | NVD | id: | CVE-2018-11934 | date: | 2024-11-21T03:44:16.850 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-18598 | date: | 2019-06-19T00:00:00 |
| db: | VULHUB | id: | VHN-121843 | date: | 2019-06-14T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-015635 | date: | 2019-06-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-201906-608 | date: | 2019-06-14T00:00:00 |
| db: | NVD | id: | CVE-2018-11934 | date: | 2019-06-14T17:29:00.363 |