Vulnerability CVE-2018-13902


Published: 2019-06-14

Description:
Out of bounds memory read and access due to improper array index validation may lead to unexpected behavior while decoding XTRA file in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Type:

CWE-129

(Improper Validation of Array Index)

Vendor: Qualcomm
Product: Sd 855 firmware 
Product: Mdm9640 firmware 
Product: Sd 820 firmware 
Product: Mdm9150 firmware 
Product: Sd 670 firmware 
Product: Sd 625 firmware 
Product: Sd 429 firmware 
Product: Snapdragon high med 2016 firmware 
Product: Sd 205 firmware 
Product: Sda660 firmware 
Product: Mdm9655 firmware 
Product: Sd 835 firmware 
Product: Mdm9607 firmware 
Product: Sd 710 firmware 
Product: Sd 636 firmware 
Product: Sd 435 firmware 
Product: Sd 212 firmware 
Product: Sdm630 firmware 
Product: Msm8996au firmware 
Product: Sd 850 firmware 
Product: Mdm9635m firmware 
Product: Sd 730 firmware 
Product: Sd 652 firmware 
Product: Sd 450 firmware 
Product: Sd 427 firmware 
Product: Sdx20 firmware 
Product: Qcs605 firmware 
Product: Sd 8cx firmware 
Product: Mdm9650 firmware 
Product: Sd 820a firmware 
Product: Mdm9206 firmware 
Product: Sd 675 firmware 
Product: Sd 632 firmware 
Product: Sd 430 firmware 
Product: Sxr1130 firmware 
Product: Sd 210 firmware 
Product: Sdm439 firmware 
Product: Msm8909w firmware 
Product: Sd 845 firmware 
Product: Mdm9615 firmware 
Product: Sd 712 firmware 
Product: Sd 650 firmware 
Product: Sd 439 firmware 
Product: Sd 425 firmware 
Product: Sdm660 firmware 
Product: Qc 215 firmware 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://www.qualcomm.com/company/product-security/bulletins

Related CVE
CVE-2019-2346
Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrago...
CVE-2019-2345
Race condition while accessing DMA buffer in jpeg driver in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, ...
CVE-2019-2343
Out of bound read and information disclosure in firmware due to insufficient checking of an embedded structure that can be sent from a kernel driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ...
CVE-2019-2334
Null pointer dereferencing can happen when playing the clip with wrong block group id in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon ...
CVE-2019-2330
improper input validation in allocation request for secure allocations can lead to page fault. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearabl...
CVE-2019-2328
Possible buffer overflow when number of channels passed is more than size of channel mapping array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music...
CVE-2019-2327
Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara...
CVE-2019-2326
Data token is received from ADSP and is used without validation as an index into the array leads to out of bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mo...

Copyright 2019, cxsecurity.com

 

Back to Top