Vulnerability Name:

CVE-2018-11258 (CCN-147792)

Assigned:2018-02-05
Published:2018-02-05
Updated:2018-09-06
Summary:In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-416
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2018-11258

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1041432

Source: XF
Type: UNKNOWN
qualcomm-cve201811258-dos(147792)

Source: CCN
Type: Qualcomm Web site
Security Bulletins

Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins

Vulnerable Configuration:Configuration 1:
  • cpe:/o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_425:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_450:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_615:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_616:-:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_415:-:*:*:*:*:*:*:*

  • Configuration 14:
  • cpe:/o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_625:-:*:*:*:*:*:*:*

  • Configuration 15:
  • cpe:/o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_650:-:*:*:*:*:*:*:*

  • Configuration 16:
  • cpe:/o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_652:-:*:*:*:*:*:*:*

  • Configuration 17:
  • cpe:/o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_820:-:*:*:*:*:*:*:*

  • Configuration 18:
  • cpe:/o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

  • Configuration 19:
  • cpe:/o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_835:-:*:*:*:*:*:*:*

  • Configuration 20:
  • cpe:/o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd_845:-:*:*:*:*:*:*:*

  • Configuration 21:
  • cpe:/o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdx20:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    qualcomm mdm9206 firmware -
    qualcomm mdm9206 -
    qualcomm mdm9607 firmware -
    qualcomm mdm9607 -
    qualcomm mdm9650 firmware -
    qualcomm mdm9650 -
    qualcomm msm8909w firmware -
    qualcomm msm8909w -
    qualcomm msm8996au firmware -
    qualcomm msm8996au -
    qualcomm sd 210 firmware -
    qualcomm sd 210 -
    qualcomm sd 212 firmware -
    qualcomm sd 212 -
    qualcomm sd 205 firmware -
    qualcomm sd 205 -
    qualcomm sd 425 firmware -
    qualcomm sd 425 -
    qualcomm sd 450 firmware -
    qualcomm sd 450 -
    qualcomm sd 615 firmware -
    qualcomm sd 615 -
    qualcomm sd 616 firmware -
    qualcomm sd 616 -
    qualcomm sd 415 firmware -
    qualcomm sd 415 -
    qualcomm sd 625 firmware -
    qualcomm sd 625 -
    qualcomm sd 650 firmware -
    qualcomm sd 650 -
    qualcomm sd 652 firmware -
    qualcomm sd 652 -
    qualcomm sd 820 firmware -
    qualcomm sd 820 -
    qualcomm sd 820a firmware -
    qualcomm sd 820a -
    qualcomm sd 835 firmware -
    qualcomm sd 835 -
    qualcomm sd 845 firmware -
    qualcomm sd 845 -
    qualcomm sdx20 firmware -
    qualcomm sdx20 -
    qualcomm snapdragon mobile -