Undefined Behavior in Qualcomm Snapdragon Products
CVE-2018-11288

7.8 HIGH

Key Information:

Vendor: Qualcomm
CVE Published: 18 January 2019

Summary

The vulnerability stems from the lack of size checks in the function dealing with the parameter 'segment_idx'. This flaw can potentially allow unauthorized access, leading to operational instability or exploitation in a range of Qualcomm Snapdragon products used in automotive, mobile, and wearable applications.

Affected Version(s)

Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
