Vulnerability CVE-2018-5917

Vulnerability CVE-2018-5917

Published: 2018-11-28

Description:

Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.2/10	10/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Qualcomm -> Msm8996au firmware
Qualcomm -> Sd 425 firmware
Qualcomm -> Sd 430 firmware
Qualcomm -> Sd 450 firmware
Qualcomm -> Sd 625 firmware
Qualcomm -> Sd 820 firmware
Qualcomm -> Sd 820a firmware
Qualcomm -> Sd 835 firmware
Qualcomm -> Sd 845 firmware
Qualcomm -> Sd 850 firmware
Qualcomm -> Sda660 firmware
Qualcomm -> Sda845 firmware
Qualcomm -> Sdx24 firmware
Qualcomm -> Sxr1130 firmware

References:

http://www.securityfocus.com/bid/105838

https://www.qualcomm.com/company/product-security/bulletins

Copyright 2024, cxsecurity.com