Lucene search

QualcommCVE-2018-11846

HistoryOct 26, 2018 - 1:29 p.m.

CVE-2018-11846

2018-10-2613:29:01

CWE-200

qualcomm

web.nvd.nist.gov

cve-2018-11846

non-time-constant memory comparison

timing attacks

snapdragon mobile

nvd

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

12.6%

JSON

The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850

Affected configurations

Nvd

Node

qualcommsd_210Match-

AND

qualcommsd_210_firmwareMatch-

Node

qualcommsd_212Match-

AND

qualcommsd_212_firmwareMatch-

Node

qualcommsd_205Match-

AND

qualcommsd_205_firmwareMatch-

Node

qualcommsd_845_firmwareMatch-

AND

qualcommsd_845Match-

Node

qualcommsd_850_firmwareMatch-

AND

qualcommsd_850Match-

VendorProductVersionCPE
qualcommsd_210-cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
qualcommsd_210_firmware-cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
qualcommsd_212-cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
qualcommsd_212_firmware-cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
qualcommsd_205-cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
qualcommsd_205_firmware-cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
qualcommsd_845_firmware-cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
qualcommsd_845-cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*
qualcommsd_850_firmware-cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*
qualcommsd_850-cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	sd_210	-	cpe:2.3:h:qualcomm:sd_210:-:::::::*
qualcomm	sd_210_firmware	-	cpe:2.3:o:qualcomm:sd_210_firmware:-:::::::*
qualcomm	sd_212	-	cpe:2.3:h:qualcomm:sd_212:-:::::::*
qualcomm	sd_212_firmware	-	cpe:2.3:o:qualcomm:sd_212_firmware:-:::::::*
qualcomm	sd_205	-	cpe:2.3:h:qualcomm:sd_205:-:::::::*
qualcomm	sd_205_firmware	-	cpe:2.3:o:qualcomm:sd_205_firmware:-:::::::*
qualcomm	sd_845_firmware	-	cpe:2.3:o:qualcomm:sd_845_firmware:-:::::::*
qualcomm	sd_845	-	cpe:2.3:h:qualcomm:sd_845:-:::::::*
qualcomm	sd_850_firmware	-	cpe:2.3:o:qualcomm:sd_850_firmware:-:::::::*
qualcomm	sd_850	-	cpe:2.3:h:qualcomm:sd_850:-:::::::*

CNA Affected

[
  {
    "product": "Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "SD 210/SD 212/SD 205, SD 845, SD 850"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2018-11846