Lucene search

QualcommCVE-2018-11838

HistoryMar 05, 2020 - 9:15 a.m.

CVE-2018-11838

2020-03-0509:15:15

CWE-415

qualcomm

web.nvd.nist.gov

cve-2018-11838

wlan

double free

memory

snapdragon

auto

compute

consumer electronics

connectivity

consumer iot

industrial iot

mobile

voice & music

apq8053

mdm9640

sda660

sdm636

sdm660

sdx20

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20

Affected configurations

Nvd

Node

qualcommapq8053Match-

AND

qualcommapq8053_firmwareMatch-

Node

qualcommmdm9640Match-

AND

qualcommmdm9640_firmwareMatch-

Node

qualcommsda660Match-

AND

qualcommsda660_firmwareMatch-

Node

qualcommsdm636Match-

AND

qualcommsdm636_firmwareMatch-

Node

qualcommsdm660Match-

AND

qualcommsdm660_firmwareMatch-

Node

qualcommsdx20Match-

AND

qualcommsdx20_firmwareMatch-

VendorProductVersionCPE
qualcommapq8053-cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
qualcommapq8053_firmware-cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
qualcommmdm9640-cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
qualcommmdm9640_firmware-cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
qualcommsda660-cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*
qualcommsda660_firmware-cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
qualcommsdm636-cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*
qualcommsdm636_firmware-cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*
qualcommsdm660-cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*
qualcommsdm660_firmware-cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	apq8053	-	cpe:2.3:h:qualcomm:apq8053:-:::::::*
qualcomm	apq8053_firmware	-	cpe:2.3:o:qualcomm:apq8053_firmware:-:::::::*
qualcomm	mdm9640	-	cpe:2.3:h:qualcomm:mdm9640:-:::::::*
qualcomm	mdm9640_firmware	-	cpe:2.3:o:qualcomm:mdm9640_firmware:-:::::::*
qualcomm	sda660	-	cpe:2.3:h:qualcomm:sda660:-:::::::*
qualcomm	sda660_firmware	-	cpe:2.3:o:qualcomm:sda660_firmware:-:::::::*
qualcomm	sdm636	-	cpe:2.3:h:qualcomm:sdm636:-:::::::*
qualcomm	sdm636_firmware	-	cpe:2.3:o:qualcomm:sdm636_firmware:-:::::::*
qualcomm	sdm660	-	cpe:2.3:h:qualcomm:sdm660:-:::::::*
qualcomm	sdm660_firmware	-	cpe:2.3:o:qualcomm:sdm660_firmware:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2018-11838