CVE-2018-13914 - OpenCVE

Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 636, SD 820A, SD 835, SDM630, SDM660, SDX20.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qualcomm	Mdm9607 Firmware Mdm9206 Firmware Mdm9206 Msm8996au Sdm630 Firmware Sdm630 Sd 820a Sdx20 Msm8909w Firmware Snapdragon Consumer Internet Of Things Sdm660 Firmware Snapdragon Auto Sd 636 Sd 212 Sd 820a Firmware Sd 835 Sdx20 Firmware Sd 205 Firmware Sdm660 Sd 835 Firmware Mdm9607 Msm8909w Snapdragon Auto Firmware Snapdragon Industrial Internet Of Things Firmware Mdm9150 Snapdragon Consumer Internet Of Things Firmware Sd 210 Firmware Msm8996au Firmware Mdm9650 Sd 212 Firmware Mdm9150 Firmware Snapdragon Industrial Internet Of Things Sd 210 Mdm9650 Firmware Sd 636 Firmware Sd 205

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:snapdragon_auto_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:snapdragon_consumer_internet_of_things_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:snapdragon_industrial_internet_of_things_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: qualcomm

Published: 2019-02-25T23:00:00

Updated: 2019-02-25T22:57:01

Reserved: 2018-07-11T00:00:00

Link: CVE-2018-13914

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-02-25T22:29:02.853

Modified: 2019-02-26T20:15:23.630

Link: CVE-2018-13914

JSON object: View

Redhat Information

No data.

CWE

CWE-119