CVE-2018-13914

Published: Feb 25, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 636, SD 820A, SD 835, SDM630, SDM660, SDX20.

Affected (18)

Products: Qualcomm: Snapdragon Auto Firmware, Snapdragon Consumer Internet Of Things Firmware, Snapdragon Industrial Internet Of Things Firmware, Mdm9150 Firmware, Mdm9206 Firmware, Mdm9607 Firmware, Mdm9650 Firmware, Msm8909w Firmware, Msm8996au Firmware, Sd 210 Firmware, Sd 212 Firmware, Sd 205 Firmware, Sd 636 Firmware, Sd 820a Firmware, Sd 835 Firmware, Sdm630 Firmware, Sdm660 Firmware, Sdx20 Firmware

Qualcomm

18 products

Snapdragon Auto Firmware

Snapdragon Consumer Internet Of Things Firmware

Snapdragon Industrial Internet Of Things Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Auto Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Auto	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Consumer Internet Of Things Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Consumer Internet Of Things	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Snapdragon Industrial Internet Of Things Firmware	All versions

Running on/with	Platform Versions
Qualcomm Snapdragon Industrial Internet Of Things	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9150	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9650	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996au	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 210 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 210	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 212 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 212	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 205 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 205	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 636 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 636	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 820a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 820a	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 835	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm630 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm630	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm660	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx20 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx20	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin

Source: product-security@qualcomm.com

PatchVendor Advisory

https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.