CVE-2018-13903

Published: Sep 8, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

u'Error in UE due to race condition in EPCO handling' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9205, MDM9206, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, SDM450, SM8150

Affected (11)

Products: Qualcomm: Apq8053 Firmware, Mdm9205 Firmware, Mdm9206 Firmware, Msm8909w Firmware, Msm8917 Firmware, Msm8920 Firmware, Msm8937 Firmware, Msm8940 Firmware, Msm8953 Firmware, Sdm450 Firmware, Sm8150 Firmware

11 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8053 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8053	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9205	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8917 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8917	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8920 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8920	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8937 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8937	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8940 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8940	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8953 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8953	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm450	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8150	All versions

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (3)

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Source: product-security@qualcomm.com

Broken Link

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Source: nvd@nist.gov

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.