CVSS: 8.4EPSS: 0%CPEs: 30EXPL: 0CVE-2018-5891
https://notcve.org/view.php?id=CVE-2018-5891
While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear. Al procesar el SSR del módem tras registrar IMS, el demonio de datos IMS se reinicia, pero el ipc_dataHandl ya no está disponible. En consecuencia, el hilo DPL libera la memoria interna para dataDHandle, pero el puntero de variable local no se actualiza, lo que podría conducir a una condición de uso de memoria previamente liberada en Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2018-5892
https://notcve.org/view.php?id=CVE-2018-5892
The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear. La aplicación Touch Pal puede recopilar datos del comportamiento del usuario sin que este sea consciente en Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0CVE-2018-11258
https://notcve.org/view.php?id=CVE-2018-11258
In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. En ADSP RPC en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear, puede ocurrir una condición de uso de memoria previamente liberada en las versiones MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845 y SDX20. • http://www.securitytracker.com/id/1041432 https://www.qualcomm.com/company/product-security/bulletins • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5838
https://notcve.org/view.php?id=CVE-2018-5838
Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. Validación incorrecta del índice de arrays en el controlador adreno OpenGL en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear por la que un acceso fuera de límites podría incurrir en SurfaceFlinger. • https://www.qualcomm.com/company/product-security/bulletins • CWE-129: Improper Validation of Array Index •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2018-5878
https://notcve.org/view.php?id=CVE-2018-5878
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al enviar la respuesta a un mensaje RIL_REQUEST_GET_SMSC_ADDRESS, podría ocurrir un desbordamiento de búfer en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •