| Vulnerability Name: | CVE-2018-11289 (CCN-158506) |
| Assigned: | 2018-05-18 |
| Published: | 2019-02-25 |
| Updated: | 2019-02-28 |
| Summary: | Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
|
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-119
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2018-11289
Source: BID
Type: Third Party Advisory, VDB Entry
106845
Source: XF
Type: UNKNOWN
qualcomm-cve201811289-bo(158506)
Source: CCN
Type: Qualcomm Web site
Qualcomm
Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:ipq8074:-:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9150:-:*:*:*:*:*:*:*
Configuration 3:
cpe:/o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
Configuration 4:
cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Configuration 5:
cpe:/o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
Configuration 6:
cpe:/o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9655:-:*:*:*:*:*:*:*
Configuration 7:
cpe:/o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
Configuration 8:
cpe:/o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qca8081:-:*:*:*:*:*:*:*
Configuration 9:
cpe:/o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcs605:-:*:*:*:*:*:*:*
Configuration 10:
cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:*
Configuration 11:
cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:*
Configuration 12:
cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:*
Configuration 13:
cpe:/o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_410:-:*:*:*:*:*:*:*
Configuration 14:
cpe:/o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_412:-:*:*:*:*:*:*:*
Configuration 15:
cpe:/o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_425:-:*:*:*:*:*:*:*
Configuration 16:
cpe:/o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_427:-:*:*:*:*:*:*:*
Configuration 17:
cpe:/o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_430:-:*:*:*:*:*:*:*
Configuration 18:
cpe:/o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_435:-:*:*:*:*:*:*:*
Configuration 19:
cpe:/o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_439:-:*:*:*:*:*:*:*
Configuration 20:
cpe:/o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_429:-:*:*:*:*:*:*:*
Configuration 21:
cpe:/o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_450:-:*:*:*:*:*:*:*
Configuration 22:
cpe:/o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_625:-:*:*:*:*:*:*:*
Configuration 23:
cpe:/o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_632:-:*:*:*:*:*:*:*
Configuration 24:
cpe:/o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_636:-:*:*:*:*:*:*:*
Configuration 25:
cpe:/o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_650:-:*:*:*:*:*:*:*
Configuration 26:
cpe:/o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_652:-:*:*:*:*:*:*:*
Configuration 27:
cpe:/o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_675:-:*:*:*:*:*:*:*
Configuration 28:
cpe:/o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_712:-:*:*:*:*:*:*:*
Configuration 29:
cpe:/o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_710:-:*:*:*:*:*:*:*
Configuration 30:
cpe:/o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_670:-:*:*:*:*:*:*:*
Configuration 31:
cpe:/o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_820:-:*:*:*:*:*:*:*
Configuration 32:
cpe:/o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_820a:-:*:*:*:*:*:*:*
Configuration 33:
cpe:/o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_835:-:*:*:*:*:*:*:*
Configuration 34:
cpe:/o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_845:-:*:*:*:*:*:*:*
Configuration 35:
cpe:/o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_850:-:*:*:*:*:*:*:*
Configuration 36:
cpe:/o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*
Configuration 37:
cpe:/o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sda660:-:*:*:*:*:*:*:*
Configuration 38:
cpe:/o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm439:-:*:*:*:*:*:*:*
Configuration 39:
cpe:/o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm630:-:*:*:*:*:*:*:*
Configuration 40:
cpe:/o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm660:-:*:*:*:*:*:*:*
Configuration 41:
cpe:/o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:snapdragon_high_med_2016:-:*:*:*:*:*:*:*
Configuration 42:
cpe:/o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sxr1130:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_connectivity:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |
qualcomm ipq8074 firmware -
qualcomm ipq8074 -
qualcomm mdm9150 firmware -
qualcomm mdm9150 -
qualcomm mdm9206 firmware -
qualcomm mdm9206 -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm mdm9650 firmware -
qualcomm mdm9650 -
qualcomm mdm9655 firmware -
qualcomm mdm9655 -
qualcomm msm8996au firmware -
qualcomm msm8996au -
qualcomm qca8081 firmware -
qualcomm qca8081 -
qualcomm qcs605 firmware -
qualcomm qcs605 -
qualcomm sd 210 firmware -
qualcomm sd 210 -
qualcomm sd 212 firmware -
qualcomm sd 212 -
qualcomm sd 205 firmware -
qualcomm sd 205 -
qualcomm sd 410 firmware -
qualcomm sd 410 -
qualcomm sd 412 firmware -
qualcomm sd 412 -
qualcomm sd 425 firmware -
qualcomm sd 425 -
qualcomm sd 427 firmware -
qualcomm sd 427 -
qualcomm sd 430 firmware -
qualcomm sd 430 -
qualcomm sd 435 firmware -
qualcomm sd 435 -
qualcomm sd 439 firmware -
qualcomm sd 439 -
qualcomm sd 429 firmware -
qualcomm sd 429 -
qualcomm sd 450 firmware -
qualcomm sd 450 -
qualcomm sd 625 firmware -
qualcomm sd 625 -
qualcomm sd 632 firmware -
qualcomm sd 632 -
qualcomm sd 636 firmware -
qualcomm sd 636 -
qualcomm sd 650 firmware -
qualcomm sd 650 -
qualcomm sd 652 firmware -
qualcomm sd 652 -
qualcomm sd 675 firmware -
qualcomm sd 675 -
qualcomm sd 712 firmware -
qualcomm sd 712 -
qualcomm sd 710 firmware -
qualcomm sd 710 -
qualcomm sd 670 firmware -
qualcomm sd 670 -
qualcomm sd 820 firmware -
qualcomm sd 820 -
qualcomm sd 820a firmware -
qualcomm sd 820a -
qualcomm sd 835 firmware -
qualcomm sd 835 -
qualcomm sd 845 firmware -
qualcomm sd 845 -
qualcomm sd 850 firmware -
qualcomm sd 850 -
qualcomm sd 8cx firmware -
qualcomm sd 8cx -
qualcomm sda660 firmware -
qualcomm sda660 -
qualcomm sdm439 firmware -
qualcomm sdm439 -
qualcomm sdm630 firmware -
qualcomm sdm630 -
qualcomm sdm660 firmware -
qualcomm sdm660 -
qualcomm snapdragon high med 2016 firmware -
qualcomm snapdragon high med 2016 -
qualcomm sxr1130 firmware -
qualcomm sxr1130 -
qualcomm snapdragon mobile -
qualcomm snapdragon auto -
qualcomm snapdragon compute -
qualcomm snapdragon connectivity -
qualcomm snapdragon voice & music -