Buffer Overflow in Snapdragon Mobile and Wear Devices by Qualcomm
CVE-2018-5881

8.8HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon Mobile, Snapdragon Wear
Vendor: CVE Published:; 18 January 2019

What is CVE-2018-5881?

The vulnerability involves improper validation of buffer length checks within the lwm2m device management protocol, leading to potential buffer overflow issues in various Qualcomm Snapdragon mobile and wearable devices. This oversight can expose devices to security risks, enabling attackers to manipulate memory contents and potentially execute arbitrary code. Users are advised to apply security updates provided by Qualcomm to safeguard their devices.

Affected Version(s)

Snapdragon Mobile, Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660

References

https://www.qualcomm.com/company/product-security/bulletins

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2019
Vulnerability Reserved
Jan 19, 2018