Skip to main content

Sd 210 Firmware CVE-2018-11257

HIGH
2018-07-06 product-security@qualcomm.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 06, 2018 - 17:29 nvd
HIGH 7.8

DescriptionNVD

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850.

AnalysisAI

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850. Affected products include: Qualcomm Sd 210 Firmware, Qualcomm Sd 212 Firmware, Qualcomm Sd 205 Firmware, Qualcomm Sd 845 Firmware, Qualcomm Sd 850 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-2332 CRITICAL
9.8 Nov 06

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdrag

CVE-2019-2331 CRITICAL
9.8 Nov 06

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Sn

CVE-2019-2325 CRITICAL
9.8 Nov 06

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snap

CVE-2019-2324 CRITICAL
9.8 Nov 06

When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to ou

CVE-2019-2323 CRITICAL
9.8 Nov 06

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Sna

CVE-2019-2285 CRITICAL
9.8 Nov 06

Out of bound write issue is observed while giving information about properties that have been set so far for playing vid

CVE-2019-2283 CRITICAL
9.8 Nov 06

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound acce

CVE-2019-2258 CRITICAL
9.8 Nov 06

Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snap

CVE-2019-10542 CRITICAL
9.8 Nov 06

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t matc

CVE-2019-10541 CRITICAL
9.8 Nov 06

Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Au

CVE-2019-10534 CRITICAL
9.8 Nov 06

Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Aut

CVE-2019-10533 CRITICAL
9.8 Nov 06

Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon A

Share

CVE-2018-11257 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy