First published: Thu Sep 20 2018(Updated: )
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Msm8996au | ||
Qualcomm Sd210 Firmware | ||
Google Android | ||
Qualcomm Sd212 Firmware | ||
Qualcomm Sd212 | ||
Qualcomm Sd205 Firmware | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Sd450 Firmware | ||
Qualcomm Sd450 | ||
Qualcomm Sd615 Firmware | ||
Qualcomm Sd615 | ||
Google Android | ||
Google Android | ||
Qualcomm Sd415 Firmware | ||
Google Android | ||
Google Android | ||
Qualcomm Sd617 | ||
Qualcomm Sd625 Firmware | ||
Qualcomm Sd625 | ||
Google Android | ||
Qualcomm Sd650 | ||
Google Android | ||
Google Android | ||
Qualcomm Sd810 Firmware | ||
Qualcomm Sd810 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Sd835 Firmware | ||
Google Android | ||
Google Android | ||
Google Android | ||
Google Android | ||
Google Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-11277 is a vulnerability in Snapdragon (Automobile, Mobile, Wear) in certain firmware versions that allows an attacker to execute arbitrary code within the context of the privileged com.qualcomm.embms process.
CVE-2018-11277 has a severity score of 7.8 out of 10, indicating a high severity vulnerability.
CVE-2018-11277 affects Qualcomm devices running the vulnerable firmware versions of Snapdragon (Automobile, Mobile, Wear), including MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, and SDA660.
To fix CVE-2018-11277, users should apply the latest firmware updates provided by Qualcomm and follow the recommendations outlined in their security bulletin.
More information about CVE-2018-11277 can be found in the security bulletin published by Qualcomm on their website.