Vulnerability Name: CVE-2018-11267 (CCN-150325) Assigned: 2018-09-04 Published: 2018-09-04 Updated: 2019-03-06 Summary: In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20. CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H )6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H )7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-129 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2018-11267 Source: BID Type: Third Party Advisory, VDB Entry106128 Source: XF Type: UNKNOWNqualcomm-cve201811267-bo(150325) Source: CCN Type: Qualcomm Web siteSecurity Bulletins Source: CONFIRM Type: Vendor Advisoryhttps://www.qualcomm.com/company/product-security/bulletins Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9206:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9615:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9640:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9650:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9655:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8996au:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd210:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd212:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd205:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sd410_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd410:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:qualcomm:sd412_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd412:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd425:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd427:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd430:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd435:-:*:*:*:*:*:*:* Configuration 17 :cpe:/o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd450:-:*:*:*:*:*:*:* Configuration 18 :cpe:/o:qualcomm:sd600_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd600:-:*:*:*:*:*:*:* Configuration 19 :cpe:/o:qualcomm:sd615_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd615:-:*:*:*:*:*:*:* Configuration 20 :cpe:/o:qualcomm:sd616_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd616:-:*:*:*:*:*:*:* Configuration 21 :cpe:/o:qualcomm:sd415_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd415:-:*:*:*:*:*:*:* Configuration 22 :cpe:/o:qualcomm:sd617_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd617:-:*:*:*:*:*:*:* Configuration 23 :cpe:/o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd625:-:*:*:*:*:*:*:* Configuration 24 :cpe:/o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd650:-:*:*:*:*:*:*:* Configuration 25 :cpe:/o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd652:-:*:*:*:*:*:*:* Configuration 26 :cpe:/o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd820:-:*:*:*:*:*:*:* Configuration 27 :cpe:/o:qualcomm:sd820a_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd820a:-:*:*:*:*:*:*:* Configuration 28 :cpe:/o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd835:-:*:*:*:*:*:*:* Configuration 29 :cpe:/o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd845:-:*:*:*:*:*:*:* Configuration 30 :cpe:/o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd850:-:*:*:*:*:*:*:* Configuration 31 :cpe:/o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sda660:-:*:*:*:*:*:*:* Configuration 32 :cpe:/o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm429:-:*:*:*:*:*:*:* Configuration 33 :cpe:/o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm439:-:*:*:*:*:*:*:* Configuration 34 :cpe:/o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm630:-:*:*:*:*:*:*:* Configuration 35 :cpe:/o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm632:-:*:*:*:*:*:*:* Configuration 36 :cpe:/o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm636:-:*:*:*:*:*:*:* Configuration 37 :cpe:/o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm660:-:*:*:*:*:*:*:* Configuration 38 :cpe:/o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdx20:-:*:*:*:*:*:*:* Configuration 39 :cpe:/o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:snapdragon_high_med_2016:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
qualcomm mdm9206 firmware -
qualcomm mdm9206 -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm mdm9615 firmware -
qualcomm mdm9615 -
qualcomm mdm9640 firmware -
qualcomm mdm9640 -
qualcomm mdm9650 firmware -
qualcomm mdm9650 -
qualcomm mdm9655 firmware -
qualcomm mdm9655 -
qualcomm msm8996au firmware -
qualcomm msm8996au -
qualcomm sd210 firmware -
qualcomm sd210 -
qualcomm sd212 firmware -
qualcomm sd212 -
qualcomm sd205 firmware -
qualcomm sd205 -
qualcomm sd410 firmware -
qualcomm sd410 -
qualcomm sd412 firmware -
qualcomm sd412 -
qualcomm sd425 firmware -
qualcomm sd425 -
qualcomm sd427 firmware -
qualcomm sd427 -
qualcomm sd430 firmware -
qualcomm sd430 -
qualcomm sd435 firmware -
qualcomm sd435 -
qualcomm sd450 firmware -
qualcomm sd450 -
qualcomm sd600 firmware -
qualcomm sd600 -
qualcomm sd615 firmware -
qualcomm sd615 -
qualcomm sd616 firmware -
qualcomm sd616 -
qualcomm sd415 firmware -
qualcomm sd415 -
qualcomm sd617 firmware -
qualcomm sd617 -
qualcomm sd625 firmware -
qualcomm sd625 -
qualcomm sd650 firmware -
qualcomm sd650 -
qualcomm sd652 firmware -
qualcomm sd652 -
qualcomm sd820 firmware -
qualcomm sd820 -
qualcomm sd820a firmware -
qualcomm sd820a -
qualcomm sd835 firmware -
qualcomm sd835 -
qualcomm sd845 firmware -
qualcomm sd845 -
qualcomm sd850 firmware -
qualcomm sd850 -
qualcomm sda660 firmware -
qualcomm sda660 -
qualcomm sdm429 firmware -
qualcomm sdm429 -
qualcomm sdm439 firmware -
qualcomm sdm439 -
qualcomm sdm630 firmware -
qualcomm sdm630 -
qualcomm sdm632 firmware -
qualcomm sdm632 -
qualcomm sdm636 firmware -
qualcomm sdm636 -
qualcomm sdm660 firmware -
qualcomm sdm660 -
qualcomm sdx20 firmware -
qualcomm sdx20 -
qualcomm snapdragon high med 2016 firmware -
qualcomm snapdragon high med 2016 -
qualcomm snapdragon mobile -