CyberSec.Space Logo
Back to CVE Browser

CVE-2018-11927

HIGH
7.8
CVSS Severity Score
EPSS Score0.1700%
EPSS Percentile10.81th
PublishedMay 24, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Improper input validation on input which is used as an array index will lead to an out of bounds issue while processing AP find event from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 625, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24, SM7150

Affected Platforms (CPE)

πŸ’»
Qualcomm

Mdm9150 Firmware

All versions
πŸ’»
Qualcomm

Mdm9206 Firmware

All versions
πŸ’»
Qualcomm

Mdm9607 Firmware

All versions
πŸ’»
Qualcomm

Mdm9640 Firmware

All versions
πŸ’»
Qualcomm

Mdm9650 Firmware

All versions
πŸ’»
Qualcomm

Msm8996au Firmware

All versions
πŸ’»
Qualcomm

Qca6174a Firmware

All versions
πŸ’»
Qualcomm

Qca6574au Firmware

All versions
πŸ’»
Qualcomm

Qca9377 Firmware

All versions
πŸ’»
Qualcomm

Qca9379 Firmware

All versions
πŸ’»
Qualcomm

Sd 210 Firmware

All versions
πŸ’»
Qualcomm

Sd 212 Firmware

All versions
πŸ’»
Qualcomm

Sd 205 Firmware

All versions
πŸ’»
Qualcomm

Sd 625 Firmware

All versions
πŸ’»
Qualcomm

Sd 675 Firmware

All versions
πŸ’»
Qualcomm

Sd 712 Firmware

All versions
πŸ’»
Qualcomm

Sd 710 Firmware

All versions
πŸ’»
Qualcomm

Sd 670 Firmware

All versions
πŸ’»
Qualcomm

Sd 820 Firmware

All versions
πŸ’»
Qualcomm

Sd 820a Firmware

All versions
πŸ’»
Qualcomm

Sd 845 Firmware

All versions
πŸ’»
Qualcomm

Sd 850 Firmware

All versions
πŸ’»
Qualcomm

Sd 855 Firmware

All versions
πŸ’»
Qualcomm

Sdx20 Firmware

All versions
πŸ’»
Qualcomm

Sdx24 Firmware

All versions
πŸ’»
Qualcomm

Sm7150 Firmware

All versions

References & Advisories

πŸ”— https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin
πŸ”— https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin

Related Vulnerabilities

CVE-2019-22879.8

Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. in Snapdragon Auto,...

CVE-2019-23099.8

While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real dat...

CVE-2019-105429.8

Buffer over-read may occur when downloading a corrupted firmware file that has chunk length in header which doesn`t match the cont...

CVE-2020-36307.8

Possibility of out of bound access while processing the responses from video firmware in Snapdragon Auto, Snapdragon Compute, Snap...