← Back

CVE-2018-11259

nvd nist
Published: Jul 6, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.7
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.5 / Impact: 5.2
Source: NVD

Description

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition.

Affected (38)

Qualcomm
38 products
Mdm9206 Firmware
Mdm9607 Firmware
Mdm9635m Firmware
Mdm9640 Firmware
Mdm9650 Firmware
Mdm9655 Firmware
Msm8909w Firmware
Msm8996au Firmware
Sd 210 Firmware
Sd 212 Firmware
Sd 205 Firmware
Sd 410 Firmware
Sd 412 Firmware
Sd 425 Firmware
Sd 427 Firmware
Sd 430 Firmware
Sd 435 Firmware
Sd 450 Firmware
Sd 615 Firmware
Sd 616 Firmware
Sd 415 Firmware
Sd 617 Firmware
Sd 625 Firmware
Sd 650 Firmware
Sd 652 Firmware
Sd 800 Firmware
Sd 810 Firmware
Sd 820 Firmware
Sd 820a Firmware
Sd 835 Firmware
Sd 845 Firmware
Sd 850 Firmware
Sdm630 Firmware
Sdm632 Firmware
Sdm636 Firmware
Sdm660 Firmware
Sdx20 Firmware
Snapdragon High Med 2016 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mdm9206 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Mdm9206
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mdm9607 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Mdm9607
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mdm9635m Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Mdm9635m
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mdm9640 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Mdm9640
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mdm9650 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Mdm9650
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mdm9655 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Mdm9655
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8909w Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8909w
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8996au Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8996au
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 210 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 210
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 212 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 212
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 205 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 205
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 410 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 410
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 412 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 412
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 425 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 425
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 427 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 427
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 430 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 430
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 435 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 435
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 450 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 450
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 615 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 615
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 616 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 616
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 415 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 415
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 617 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 617
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 625 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 625
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 650 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 650
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 652 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 652
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 800 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 800
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 810 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 810
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 820 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 820
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 820a Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 820a
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 835 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 835
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 845 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 845
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sd 850 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sd 850
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm630 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm630
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm632 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm632
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm636 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm636
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm660 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm660
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdx20 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdx20
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Snapdragon High Med 2016 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Snapdragon High Med 2016
All versions

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

Source: product-security@qualcomm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.