CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-18282
https://notcve.org/view.php?id=CVE-2017-18282
Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Un software inseguro puede provocar que SDCC genere accesos seguros al bus, lo que podría exponer el acceso RPM en Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835 y SDA660. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins •
CVSS: 6.5EPSS: 0%CPEs: 62EXPL: 0CVE-2018-5871
https://notcve.org/view.php?id=CVE-2018-5871
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected. En Snapdragon (Automobile, Mobile y Wear) en versiones MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710 y Snapdragon_High_Med_2016, la aleatorización de direcciones MAC realizada durante las peticiones probe (por razones de privacidad) no se realizó correctamente debido al uso de un RGN con errores, lo cual producía salidas repetidas antes de lo esperado. • https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-11277
https://notcve.org/view.php?id=CVE-2018-11277
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue. En Snapdragon (Automobile, Mobile y Wear) en versiones MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845 y SDA660, com.qualcomm.embms es un paquete del fabricante desplegado en la imagen del sistema que tiene un nivel de permisos inadecuado y permite que cualquier aplicación instalada de la Play Store solicite este permiso en tiempo de instalación. La aplicación del sistema interfiere con Radio Interface Layer, lo que conduce a un potencial problema de control de acceso. • https://www.qualcomm.com/company/product-security/bulletins • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2018-11292
https://notcve.org/view.php?id=CVE-2018-11292
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows. En Snapdragon (Automobile, Mobile y Wear) en versiones MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660 y Snapdragon_High_Med_2016, la falta de validación de entradas en los manejadores del comando WLANWMI puede conducir a desbordamiento de memoria dinámica (heap) de enteros. • http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618 https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 38EXPL: 0CVE-2017-18302
https://notcve.org/view.php?id=CVE-2017-18302
In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions. En Snapdragon (Automobile y Mobile) en versiones MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660 y Snapdragon_High_Med_2016, un cliente HLOS manipulado puede modificar la estructura en la memoria pasada a una aplicación QSEE entre el momento de la comprobación y el momento del uso, lo que desemboca en escrituras arbitrarias a las regiones de memoria del kernel TZ. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •