CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2018-11290
https://notcve.org/view.php?id=CVE-2018-11290
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use. En Snapdragon (Automobile, Mobile y Wear) en versiones MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20 y Snapdragon_High_Med_2016, la aleatorización de direcciones MAC realizada durante las peticiones probe no se realizó correctamente debido al uso de un RGN con errores. • http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618 https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.7EPSS: 0%CPEs: 76EXPL: 0CVE-2018-11259
https://notcve.org/view.php?id=CVE-2018-11259
Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. Debido al control de acceso incorrecto del EFS basado en NAND en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear, se puede eliminar la partición EFS desde el fastboot en un dispositivo basado en NAND. El procesador de apps que tiene acceso global completo e inseguro de lectura/escritura a la partición hasta que el módem arranca y configura la partición EFS en su partición MPU. • https://www.qualcomm.com/company/product-security/bulletins • CWE-732: Incorrect Permission Assignment for Critical Resource •