Sd 210 Firmware
CVE-2018-11828
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52
AnalysisAI
When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52 Affected products include: Qualcomm Sd 210 Firmware, Qualcomm Sd 212 Firmware, Qualcomm Sd 205 Firmware, Qualcomm Sd 425 Firmware, Qualcomm Sd 430 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
More in Sd 210 Firmware
View allMemory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdrag
Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Sn
Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snap
When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to ou
Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Sna
Out of bound write issue is observed while giving information about properties that have been set so far for playing vid
Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound acce
Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snap
Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t matc
Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Au
Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Aut
Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon A
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today