Vulnerability CVE-2018-5916

Vulnerability CVE-2018-5916

Published: 2018-11-28

Description:

Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20, SXR1130.

Type:

CWE-125

(Out-of-bounds Read)

CVSS2 => (AV:A/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.1/10	6.9/10	6.5/10

Exploit range	Attack complexity	Authentication
Adjacent network	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	None	None

Affected software
Qualcomm -> Sd 412 firmware
Qualcomm -> Sda660 firmware
Qualcomm -> Mdm9206 firmware
Qualcomm -> Sd 415 firmware
Qualcomm -> Sda845 firmware
Qualcomm -> Mdm9607 firmware
Qualcomm -> Sd 425 firmware
Qualcomm -> Sdx20 firmware
Qualcomm -> Mdm9615 firmware
Qualcomm -> Sd 430 firmware
Qualcomm -> Sxr1130 firmware
Qualcomm -> Mdm9625 firmware
Qualcomm -> Sd 450 firmware
Qualcomm -> Mdm9635m firmware
Qualcomm -> Sd 615 firmware
Qualcomm -> Mdm9640 firmware
Qualcomm -> Sd 616 firmware
Qualcomm -> Mdm9645 firmware
Qualcomm -> Sd 625 firmware
Qualcomm -> Mdm9650 firmware
Qualcomm -> Sd 650 firmware
Qualcomm -> Mdm9655 firmware
Qualcomm -> Sd 652 firmware
Qualcomm -> Msm8909w firmware
Qualcomm -> Sd 810 firmware
Qualcomm -> Msm8996au firmware
Qualcomm -> Sd 820 firmware
Qualcomm -> Sd 205 firmware
Qualcomm -> Sd 820a firmware
Qualcomm -> Sd 210 firmware
Qualcomm -> Sd 835 firmware
Qualcomm -> Sd 212 firmware
Qualcomm -> Sd 845 firmware
Qualcomm -> Sd 410 firmware
Qualcomm -> Sd 850 firmware

References:

http://www.securityfocus.com/bid/105838

https://www.qualcomm.com/company/product-security/bulletins

Copyright 2024, cxsecurity.com