CVE-2017-18131
https://notcve.org/view.php?id=CVE-2017-18131
In QTEE, an incorrect fuse value can be blown in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. En QTEE, se puede sobrecargar un valor de fusible incorrecto en Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear en las versiones MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 820, SD 820A, SD 835, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. • https://www.qualcomm.com/company/product-security/bulletins • CWE-665: Improper Initialization •
CVE-2018-11966
https://notcve.org/view.php?id=CVE-2018-11966
Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 Un comportamiento no definido en el equipo de usuario (UE) durante el procesamiento de IEI en mensajes Over-the-Air (OTA) en Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile y Snapdragon Wearables, en versiones, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150 y Snapdragon_High_Med_2016, SXR1130 • https://www.qualcomm.com/company/product-security/bulletins • CWE-20: Improper Input Validation •
CVE-2018-13918
https://notcve.org/view.php?id=CVE-2018-13918
kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDX24, SM7150 El kernel podría devolver un mensaje recibido con una longitud superior a lo esperado, lo cual conduce a un desbordamiento de búfer en una operación posterior y detiene el funcionamiento normal en Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, en versiones MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDX24 y SM7150 • https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-11830
https://notcve.org/view.php?id=CVE-2018-11830
Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A Una validación de entradas incorrecta en la función "create" de QCPE podría conducir a un desbordamiento de enteros en Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT y Snapdragon Mobile en MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A. • https://www.qualcomm.com/company/product-security/bulletins • CWE-20: Improper Input Validation •
CVE-2018-11970
https://notcve.org/view.php?id=CVE-2018-11970
TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 Las asignaciones dinámicas de aplicaciones TZ no están protegidas contra el cargador XBL en Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT y Snapdragon Mobile, en versiones MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660 y SXR1130. • https://www.qualcomm.com/company/product-security/bulletins •