Lucene search

QualcommCVE-2018-5912

HistoryNov 28, 2018 - 3:29 p.m.

CVE-2018-5912

2018-11-2815:29:00

CWE-119

qualcomm

web.nvd.nist.gov

cve-2018-5912

buffer overflow

video

input validation

snapdragon automobile

snapdragon mobile

msm8996au

sd 450

sd 625

sd 820

sd 820a

sd 835

sd 845

sd 850

sda660

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660

Affected configurations

Nvd

Node

qualcommmsm8996au_firmwareMatch-

AND

qualcommmsm8996auMatch-

Node

qualcommsd_450_firmwareMatch-

AND

qualcommsd_450Match-

Node

qualcommsd_625_firmwareMatch-

AND

qualcommsd_625Match-

Node

qualcommsd_820_firmwareMatch-

AND

qualcommsd_820Match-

Node

qualcommsd_820a_firmwareMatch-

AND

qualcommsd_820aMatch-

Node

qualcommsd_835_firmwareMatch-

AND

qualcommsd_835Match-

Node

qualcommsd_845_firmwareMatch-

AND

qualcommsd_845Match-

Node

qualcommsd_850_firmwareMatch-

AND

qualcommsd_850Match-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

VendorProductVersionCPE
qualcommmsm8996au_firmware-cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
qualcommmsm8996au-cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*
qualcommsd_450_firmware-cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
qualcommsd_450-cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*
qualcommsd_625_firmware-cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
qualcommsd_625-cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*
qualcommsd_820_firmware-cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
qualcommsd_820-cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*
qualcommsd_820a_firmware-cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
qualcommsd_820a-cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	msm8996au_firmware	-	cpe:2.3:o:qualcomm:msm8996au_firmware:-:::::::*
qualcomm	msm8996au	-	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
qualcomm	sd_450_firmware	-	cpe:2.3:o:qualcomm:sd_450_firmware:-:::::::*
qualcomm	sd_450	-	cpe:2.3:h:qualcomm:sd_450:-:::::::*
qualcomm	sd_625_firmware	-	cpe:2.3:o:qualcomm:sd_625_firmware:-:::::::*
qualcomm	sd_625	-	cpe:2.3:h:qualcomm:sd_625:-:::::::*
qualcomm	sd_820_firmware	-	cpe:2.3:o:qualcomm:sd_820_firmware:-:::::::*
qualcomm	sd_820	-	cpe:2.3:h:qualcomm:sd_820:-:::::::*
qualcomm	sd_820a_firmware	-	cpe:2.3:o:qualcomm:sd_820a_firmware:-:::::::*
qualcomm	sd_820a	-	cpe:2.3:h:qualcomm:sd_820a:-:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "Snapdragon Automobile, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2018-5912