Skip to main content

Sd 835 Firmware CVE-2018-11884

HIGH
Buffer Overflow (CWE-119)
2018-10-29 product-security@qualcomm.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 29, 2018 - 18:29 nvd
HIGH 7.8

DescriptionNVD

Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660

AnalysisAI

Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 Affected products include: Qualcomm Sd 835 Firmware, Qualcomm Sd 845 Firmware, Qualcomm Sd 850 Firmware, Qualcomm Sda660 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2019-2332 CRITICAL
9.8 Nov 06

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdrag

CVE-2019-2331 CRITICAL
9.8 Nov 06

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Sn

CVE-2019-2325 CRITICAL
9.8 Nov 06

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snap

CVE-2019-2323 CRITICAL
9.8 Nov 06

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Sna

CVE-2019-2285 CRITICAL
9.8 Nov 06

Out of bound write issue is observed while giving information about properties that have been set so far for playing vid

CVE-2019-2283 CRITICAL
9.8 Nov 06

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound acce

CVE-2019-2258 CRITICAL
9.8 Nov 06

Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snap

CVE-2019-2249 CRITICAL
9.8 Nov 06

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snap

CVE-2019-10541 CRITICAL
9.8 Nov 06

Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Au

CVE-2019-10534 CRITICAL
9.8 Nov 06

Null-pointer dereference can occur while accessing the super index entry when it is not been allocated in Snapdragon Aut

CVE-2019-10533 CRITICAL
9.8 Nov 06

Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon A

CVE-2019-10528 CRITICAL
9.8 Nov 06

Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in

Share

CVE-2018-11884 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy