CVE-2018-11267

Published: Sep 20, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20.

Affected (39)

Products: Qualcomm: Mdm9206 Firmware, Mdm9607 Firmware, Mdm9615 Firmware, Mdm9640 Firmware, Mdm9650 Firmware, Mdm9655 Firmware, Msm8996au Firmware, Sd210 Firmware, Sd212 Firmware, Sd205 Firmware, Sd410 Firmware, Sd412 Firmware, Sd425 Firmware, Sd427 Firmware, Sd430 Firmware, Sd435 Firmware, Sd450 Firmware, Sd600 Firmware, Sd615 Firmware, Sd616 Firmware, Sd415 Firmware, Sd617 Firmware, Sd625 Firmware, Sd650 Firmware, Sd652 Firmware, Sd820 Firmware, Sd820a Firmware, Sd835 Firmware, Sd845 Firmware, Sd850 Firmware, Sda660 Firmware, Sdm429 Firmware, Sdm439 Firmware, Sdm630 Firmware, Sdm632 Firmware, Sdm636 Firmware, Sdm660 Firmware, Sdx20 Firmware, Snapdragon High Med 2016 Firmware

39 products

Snapdragon High Med 2016 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9615 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9615	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9640 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9640	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9650	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9655 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9655	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996au	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd210 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd210	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd212 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd212	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd205	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd410 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd410	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd412 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd412	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd425 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd425	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd427 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd427	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd430 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd430	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd435 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd435	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd450	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd600 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd600	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd615 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd615	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd616 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd616	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd415 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd415	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd617 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd617	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd625 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd625	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd650	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd652 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd652	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd820 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd820	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd820a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd820a	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd835	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd845	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd850 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd850	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda660	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm429 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm429	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm439 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm439	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm630 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm630	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm632 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm632	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm636 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm636	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm660	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx20 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx20	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon High Med 2016 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon High Med 2016	All versions

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

http://www.securityfocus.com/bid/106128

Source: product-security@qualcomm.com

Third Party AdvisoryVDB Entry

https://www.qualcomm.com/company/product-security/bulletins

Source: product-security@qualcomm.com

Vendor Advisory

http://www.securityfocus.com/bid/106128

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.qualcomm.com/company/product-security/bulletins

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.