Vulnerability CVE-2018-13899

Vulnerability CVE-2018-13899

Published: 2019-05-24

Description:

Processing messages after error may result in user after free memory fault in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150

Type:

CWE-416

(Use After Free)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.2/10	10/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Qualcomm -> Sd 675 firmware
Qualcomm -> Mdm9150 firmware
Qualcomm -> Sd 710 firmware
Qualcomm -> Mdm9206 firmware
Qualcomm -> Sd 712 firmware
Qualcomm -> Mdm9607 firmware
Qualcomm -> Sd 820 firmware
Qualcomm -> Mdm9650 firmware
Qualcomm -> Sd 820a firmware
Qualcomm -> Msm8909w firmware
Qualcomm -> Sd 845 firmware
Qualcomm -> Qcs605 firmware
Qualcomm -> Sd 850 firmware
Qualcomm -> Qualcomm 215 firmware
Qualcomm -> Sd 855 firmware
Qualcomm -> Sd 425 firmware
Qualcomm -> Sda660 firmware
Qualcomm -> Sd 429 firmware
Qualcomm -> Sdm439 firmware
Qualcomm -> Sd 439 firmware
Qualcomm -> Sdm630 firmware
Qualcomm -> Sd 450 firmware
Qualcomm -> Sdm660 firmware
Qualcomm -> Sd 625 firmware
Qualcomm -> Sdx20 firmware
Qualcomm -> Sd 632 firmware
Qualcomm -> Sdx24 firmware
Qualcomm -> Sd 636 firmware
Qualcomm -> Sm7150 firmware
Qualcomm -> Sd 670 firmware
Qualcomm -> Qm215 firmware

References:

https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin

Copyright 2024, cxsecurity.com