Skip to main content

Sd 210 Firmware CVE-2018-11846

MEDIUM
Information Exposure (CWE-200)
2018-10-26 product-security@qualcomm.com
4.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 26, 2018 - 13:29 nvd
MEDIUM 4.7

DescriptionNVD

The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850

AnalysisAI

The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850. Rated medium severity (CVSS 4.7). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850 Affected products include: Qualcomm Sd 210 Firmware, Qualcomm Sd 212 Firmware, Qualcomm Sd 205 Firmware, Qualcomm Sd 845 Firmware, Qualcomm Sd 850 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2019-2332 CRITICAL
9.8 Nov 06

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdrag

CVE-2019-2331 CRITICAL
9.8 Nov 06

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Sn

CVE-2019-2325 CRITICAL
9.8 Nov 06

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snap

CVE-2019-2324 CRITICAL
9.8 Nov 06

When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to ou

CVE-2019-2323 CRITICAL
9.8 Nov 06

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Sna

CVE-2019-2285 CRITICAL
9.8 Nov 06

Out of bound write issue is observed while giving information about properties that have been set so far for playing vid

CVE-2019-2283 CRITICAL
9.8 Nov 06

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound acce

CVE-2019-2258 CRITICAL
9.8 Nov 06

Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snap

CVE-2019-10542 CRITICAL
9.8 Nov 06

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t matc

CVE-2019-10541 CRITICAL
9.8 Nov 06

Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Au

CVE-2019-10534 CRITICAL
9.8 Nov 06

Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Aut

CVE-2019-10533 CRITICAL
9.8 Nov 06

Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon A

Share

CVE-2018-11846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy