CVE-2018-3583

Published: Jun 14, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A buffer overflow can occur while processing an extscan hotlist event in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA9379, QCS605, SD 625, SD 636, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20

Affected (18)

Products: Qualcomm: Mdm9206 Firmware, Mdm9607 Firmware, Mdm9640 Firmware, Mdm9650 Firmware, Msm8909w Firmware, Msm8996au Firmware, Qca9379 Firmware, Qcs605 Firmware, Sd 625 Firmware, Sd 636 Firmware, Sd 820 Firmware, Sd 820a Firmware, Sd 835 Firmware, Sd 855 Firmware, Sda660 Firmware, Sdm630 Firmware, Sdm660 Firmware, Sdx20 Firmware

18 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9640 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9640	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9650	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996au	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9379 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9379	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs605 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs605	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 625 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 625	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 636 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 636	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 820 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 820	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 820a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 820a	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 835	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 855 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 855	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda660	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm630 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm630	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm660	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx20 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx20	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin

Source: product-security@qualcomm.com

PatchThird Party Advisory

https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-security-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.