Undefined Behavior in Qualcomm Snapdragon Products
CVE-2018-11288
7.8HIGH
Key Information:
- Vendor
- Qualcomm
- Vendor
- CVE Published:
- 18 January 2019
Summary
The vulnerability stems from the lack of size checks in the function dealing with the parameter 'segment_idx'. This flaw can potentially allow unauthorized access, leading to operational instability or exploitation in a range of Qualcomm Snapdragon products used in automotive, mobile, and wearable applications.
Affected Version(s)
Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved