Vulnerability CVE-2018-11921

Vulnerability CVE-2018-11921

Published: 2018-11-28

Description:

Failure condition is not handled properly and the correct error code is not returned. It could cause unintended SUI behavior and create unintended SUI display in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

Type:

CWE-388

(Error Handling)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.2/10	10/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Qualcomm -> Sd 625 firmware
Qualcomm -> Mdm9206 firmware
Qualcomm -> Sd 650 firmware
Qualcomm -> Mdm9607 firmware
Qualcomm -> Sd 652 firmware
Qualcomm -> Mdm9650 firmware
Qualcomm -> Sd 800 firmware
Qualcomm -> Msm8996au firmware
Qualcomm -> Sd 810 firmware
Qualcomm -> Sd 205 firmware
Qualcomm -> Sd 820 firmware
Qualcomm -> Sd 210 firmware
Qualcomm -> Sd 820a firmware
Qualcomm -> Sd 212 firmware
Qualcomm -> Sd 835 firmware
Qualcomm -> Sd 410 firmware
Qualcomm -> Sd 845 firmware
Qualcomm -> Sd 412 firmware
Qualcomm -> Sd 850 firmware
Qualcomm -> Sd 415 firmware
Qualcomm -> Sda660 firmware
Qualcomm -> Sd 425 firmware
Qualcomm -> Sda845 firmware
Qualcomm -> Sd 430 firmware
Qualcomm -> Sdx24 firmware
Qualcomm -> Sd 450 firmware
Qualcomm -> Sxr1130 firmware
Qualcomm -> Sd 615 firmware
Qualcomm -> Sd 616 firmware

References:

http://www.securityfocus.com/bid/106845

https://www.qualcomm.com/company/product-security/bulletins

Copyright 2024, cxsecurity.com