Vulnerability CVE-2018-13924

Vulnerability CVE-2018-13924

Published: 2019-07-22

Description:

Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA6174A, QCA8081, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Qualcomm -> Qcs405 firmware
Qualcomm -> Sd 625 firmware
Qualcomm -> Sd 855 firmware
Qualcomm -> Ipq8074 firmware
Qualcomm -> Qcs605 firmware
Qualcomm -> Sd 632 firmware
Qualcomm -> Sd 8cx firmware
Qualcomm -> Mdm9150 firmware
Qualcomm -> Qualcomm 215 firmware
Qualcomm -> Sd 636 firmware
Qualcomm -> Sda660 firmware
Qualcomm -> Mdm9206 firmware
Qualcomm -> Sd 205 firmware
Qualcomm -> Sd 650 firmware
Qualcomm -> Sdm439 firmware
Qualcomm -> Mdm9607 firmware
Qualcomm -> Sd 210 firmware
Qualcomm -> Sd 652 firmware
Qualcomm -> Sdm630 firmware
Qualcomm -> Mdm9615 firmware
Qualcomm -> Sd 212 firmware
Qualcomm -> Sd 665 firmware
Qualcomm -> Sdm660 firmware
Qualcomm -> Mdm9625 firmware
Qualcomm -> Sd 415 firmware
Qualcomm -> Sd 670 firmware
Qualcomm -> Sdx20 firmware
Qualcomm -> Mdm9635m firmware
Qualcomm -> Sd 425 firmware
Qualcomm -> Sd 675 firmware
Qualcomm -> Snapdragon high med 2016 firmware
Qualcomm -> Mdm9640 firmware
Qualcomm -> Sd 427 firmware
Qualcomm -> Sd 710 firmware
Qualcomm -> Sxr1130 firmware
Qualcomm -> Mdm9650 firmware
Qualcomm -> Sd 429 firmware
Qualcomm -> Sd 712 firmware
Qualcomm -> Mdm9655 firmware
Qualcomm -> Sd 430 firmware
Qualcomm -> Sd 730 firmware
Qualcomm -> Msm8909w firmware
Qualcomm -> Sd 435 firmware
Qualcomm -> Sd 820 firmware
Qualcomm -> Msm8996au firmware
Qualcomm -> Sd 439 firmware
Qualcomm -> Sd 820a firmware
Qualcomm -> Qca6174a firmware
Qualcomm -> Sd 450 firmware
Qualcomm -> Sd 835 firmware
Qualcomm -> Qca8081 firmware
Qualcomm -> Sd 615 firmware
Qualcomm -> Sd 845 firmware
Qualcomm -> Qcs404 firmware
Qualcomm -> Sd 616 firmware
Qualcomm -> Sd 850 firmware

References:

https://www.qualcomm.com/company/product-security/bulletins

Vulnerability CVE-2018-13924

CWE-119

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

10/10

10/10

10/10

Remote

Low

No required

Complete

Complete

Complete

Affected software

References: