Details of VAR-201911-1617

ID

VAR-201911-1617

CVE

CVE-2018-13916

TITLE

plural Snapdragon Classic buffer overflow vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-016156

DESCRIPTION

Out-of-bounds memory access in Qurt kernel function when using the identifier to access Qurt kernel buffer to retrieve thread data. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX55 is a modem. Kernel in a number of Qualcomm products has a security vulnerability that stems from programs that do not properly validate array indexes. No detailed vulnerability details are provided at this time

Trust: 2.16

sources: NVD: CVE-2018-13916 // JVNDB: JVNDB-2018-016156 // CNVD: CNVD-2020-16060

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-16060

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sxr2130	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sm8250	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	snapdragon high med 2016	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 2.2
vendor:	qualcomm	model:	msm8909	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9655	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8976	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs404	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9635m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8096	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	apq8098	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9150	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9607	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9650	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8909	Trust: 0.6
vendor:	qualcomm	model:	msm 8996au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	msm 8909w	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9206	Trust: 0.6
vendor:	qualcomm	model:	ipq	scope:	eq	version:	8074	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9640	Trust: 0.6
vendor:	qualcomm	model:	snapdragon high med	scope:	eq	version:	2016	Trust: 0.6
vendor:	qualcomm	model:	sxr	scope:	eq	version:	1130	Trust: 0.6
vendor:	qualcomm	model:	qca	scope:	eq	version:	8081	Trust: 0.6
vendor:	qualcomm	model:	apq 8096au	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8098	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8998	Trust: 0.6
vendor:	qualcomm	model:	nicobar	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	8150	Trust: 0.6
vendor:	qualcomm	model:	sm	scope:	eq	version:	8250	Trust: 0.6
vendor:	qualcomm	model:	sxr	scope:	eq	version:	2130	Trust: 0.6
vendor:	qualcomm	model:	mdm 9635m	scope:	-	version:	-	Trust: 0.6
vendor:	qualcomm	model:	mdm	scope:	eq	version:	9655	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8905	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8917	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8920	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8937	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8940	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8953	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8976	Trust: 0.6
vendor:	marwel	model:	qcm	scope:	eq	version:	2150	Trust: 0.6
vendor:	qualcomm	model:	sdx	scope:	eq	version:	55	Trust: 0.6
vendor:	qualcomm	model:	msm	scope:	eq	version:	8996	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8009	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8017	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8053	Trust: 0.6
vendor:	qualcomm	model:	apq	scope:	eq	version:	8096	Trust: 0.6
vendor:	marwel	model:	qcm	scope:	eq	version:	7605	Trust: 0.6
vendor:	qualcomm	model:	qcn	scope:	eq	version:	404	Trust: 0.6
vendor:	qualcomm	model:	qcn	scope:	eq	version:	405	Trust: 0.6
vendor:	qualcomm	model:	qcn	scope:	eq	version:	605	Trust: 0.6
vendor:	qualcomm	model:	qcs	scope:	eq	version:	215	Trust: 0.6
vendor:	qualcomm	model:	qm	scope:	eq	version:	8180x	Trust: 0.6
vendor:	qualcomm	model:	sc	scope:	eq	version:	660	Trust: 0.6
vendor:	qualcomm	model:	sc	scope:	eq	version:	845	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	429	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	439	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	450	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	630	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	632	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	636	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	670	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	710	Trust: 0.6
vendor:	qualcomm	model:	sda	scope:	eq	version:	850	Trust: 0.6
vendor:	qualcomm	model:	sdm	scope:	eq	version:	20	Trust: 0.6

sources: CNVD: CNVD-2020-16060 // JVNDB: JVNDB-2018-016156 // CNNVD: CNNVD-201910-372 // NVD: CVE-2018-13916

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-13916
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-13916
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-16060
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201910-372
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-13916
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-16060
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-13916
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-13916
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-16060 // JVNDB: JVNDB-2018-016156 // CNNVD: CNNVD-201910-372 // NVD: CVE-2018-13916

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2018-016156 // NVD: CVE-2018-13916

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-372

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201910-372

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-016156

PATCH

title:	October 2019 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 0.8
title:	Patch for Unknown vulnerability in multiple Qualcomm products (CNVD-2020-16060)	url:	https://www.cnvd.org.cn/patchInfo/show/207821	Trust: 0.6
title:	Multiple Qualcomm Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99057	Trust: 0.6

sources: CNVD: CNVD-2020-16060 // JVNDB: JVNDB-2018-016156 // CNNVD: CNNVD-201910-372

EXTERNAL IDS

db:	NVD	id:	CVE-2018-13916	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-016156	Trust: 0.8
db:	CNVD	id:	CNVD-2020-16060	Trust: 0.6
db:	CNNVD	id:	CNNVD-201910-372	Trust: 0.6

sources: CNVD: CNVD-2020-16060 // JVNDB: JVNDB-2018-016156 // CNNVD: CNNVD-201910-372 // NVD: CVE-2018-13916

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2019-bulletin	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-13916	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13916	Trust: 0.8
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2019-30549	Trust: 0.6

sources: CNVD: CNVD-2020-16060 // JVNDB: JVNDB-2018-016156 // CNNVD: CNNVD-201910-372 // NVD: CVE-2018-13916

SOURCES

db:	CNVD	id:	CNVD-2020-16060
db:	JVNDB	id:	JVNDB-2018-016156
db:	CNNVD	id:	CNNVD-201910-372
db:	NVD	id:	CVE-2018-13916

LAST UPDATE DATE

2024-11-23T22:51:33.203000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-16060	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-016156	date:	2019-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-372	date:	2019-12-05T00:00:00
db:	NVD	id:	CVE-2018-13916	date:	2024-11-21T03:48:19.990

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-16060	date:	2020-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-016156	date:	2019-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201910-372	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2018-13916	date:	2019-11-21T15:15:12.370