CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 0CVE-2018-13913
https://notcve.org/view.php?id=CVE-2018-13913
25 Feb 2019 — Improper validation of array index can lead to unauthorized access while processing debugFS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM63... • https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 80EXPL: 0CVE-2018-11845
https://notcve.org/view.php?id=CVE-2018-11845
25 Feb 2019 — Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 65... • http://www.securityfocus.com/bid/106845 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 84EXPL: 0CVE-2018-11864
https://notcve.org/view.php?id=CVE-2018-11864
25 Feb 2019 — Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, ... • http://www.securityfocus.com/bid/106845 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 72EXPL: 0CVE-2018-13912
https://notcve.org/view.php?id=CVE-2018-13912
25 Feb 2019 — Arbitrary write issue can occur when user provides kernel address in compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. Puede ocurrir ... • https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 92EXPL: 0CVE-2018-11820
https://notcve.org/view.php?id=CVE-2018-11820
25 Feb 2019 — Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 20... • http://www.securityfocus.com/bid/106845 •
CVSS: 7.8EPSS: 0%CPEs: 90EXPL: 0CVE-2018-11938
https://notcve.org/view.php?id=CVE-2018-11938
25 Feb 2019 — Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212... • http://www.securityfocus.com/bid/106845 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2018-13904
https://notcve.org/view.php?id=CVE-2018-13904
25 Feb 2019 — Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 8CX, SXR1130. La validación de entradas incorrecta en el manejador SCM para acceder al almacenamiento en TZ puede conducir al acceso no autorizado en Snapd... • http://www.securityfocus.com/bid/106845 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2018-13914
https://notcve.org/view.php?id=CVE-2018-13914
25 Feb 2019 — Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 636, SD 820A, SD 835, SDM630, SDM660, SDX20. La falta de validación de entradas para los datos recibidos del espacio de usuario puede conducir a un problema de array fuera de límites en Snapdragon Auto, Snapd... • https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-13905
https://notcve.org/view.php?id=CVE-2018-13905
25 Feb 2019 — KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, SD 210/SD 212/SD 205, SD 439 / SD 429, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24. El bloqueo de sincronización de fuentes de KGSL que no se gestiona correctamente durante la limpieza de sincronización de fuentes... • http://www.securityfocus.com/bid/106949 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 56EXPL: 0CVE-2018-11935
https://notcve.org/view.php?id=CVE-2018-11935
25 Feb 2019 — Improper input validation might result in incorrect app id returned to the caller Instead of returning failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM... • http://www.securityfocus.com/bid/106845 • CWE-20: Improper Input Validation •