CVE-2018-11277
First published: Thu Sep 20 2018(Updated: )
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm MSM8909W | ||
| Qualcomm MSM8909W | ||
| Qualcomm MSM8996AU Firmware | ||
| Qualcomm MSM8996AU Firmware | ||
| Qualcomm sd210 firmware | ||
| Qualcomm sd210 | ||
| qualcomm sd212 firmware | ||
| qualcomm sd212 | ||
| Qualcomm sd205 firmware | ||
| Qualcomm sd205 | ||
| qualcomm sd430 firmware | ||
| qualcomm sd430 | ||
| Qualcomm sd450 firmware | ||
| Qualcomm sd450 | ||
| qualcomm sd615 firmware | ||
| qualcomm sd615 | ||
| Qualcomm sd616 firmware | ||
| Qualcomm sd616 | ||
| qualcomm sd415 firmware | ||
| qualcomm sd415 | ||
| qualcomm sd617 firmware | ||
| Qualcomm QCA617 | ||
| qualcomm sd625 firmware | ||
| qualcomm sd625 | ||
| qualcomm sd650 firmware | ||
| qualcomm sd650 | ||
| qualcomm sd652 firmware | ||
| qualcomm sd652 | ||
| qualcomm sd810 firmware | ||
| qualcomm sd810 | ||
| qualcomm sd820 Firmware | ||
| qualcomm sd820 | ||
| qualcomm sd820a firmware | ||
| qualcomm sd820a | ||
| Qualcomm sd835 firmware | ||
| Qualcomm sd835 | ||
| Qualcomm sd845 firmware | ||
| Qualcomm sd845 | ||
| qualcomm SDA660 firmware | ||
| qualcomm SDA660 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-11277?
CVE-2018-11277 is a vulnerability in Snapdragon (Automobile, Mobile, Wear) in certain firmware versions that allows an attacker to execute arbitrary code within the context of the privileged com.qualcomm.embms process.
How severe is CVE-2018-11277?
CVE-2018-11277 has a severity score of 7.8 out of 10, indicating a high severity vulnerability.
How does CVE-2018-11277 affect Qualcomm devices?
CVE-2018-11277 affects Qualcomm devices running the vulnerable firmware versions of Snapdragon (Automobile, Mobile, Wear), including MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, and SDA660.
How can I fix CVE-2018-11277?
To fix CVE-2018-11277, users should apply the latest firmware updates provided by Qualcomm and follow the recommendations outlined in their security bulletin.
Where can I find more information about CVE-2018-11277?
More information about CVE-2018-11277 can be found in the security bulletin published by Qualcomm on their website.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/qualcomm
- canonical/qualcomm msm8909w
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm sd210 firmware
- canonical/qualcomm sd210
- canonical/qualcomm sd212 firmware
- canonical/qualcomm sd212
- canonical/qualcomm sd205 firmware
- canonical/qualcomm sd205
- canonical/qualcomm sd430 firmware
- canonical/qualcomm sd430
- canonical/qualcomm sd450 firmware
- canonical/qualcomm sd450
- canonical/qualcomm sd615 firmware
- canonical/qualcomm sd615
- canonical/qualcomm sd616 firmware
- canonical/qualcomm sd616
- canonical/qualcomm sd415 firmware
- canonical/qualcomm sd415
- canonical/qualcomm sd617 firmware
- canonical/qualcomm qca617
- canonical/qualcomm sd625 firmware
- canonical/qualcomm sd625
- canonical/qualcomm sd650 firmware
- canonical/qualcomm sd650
- canonical/qualcomm sd652 firmware
- canonical/qualcomm sd652
- canonical/qualcomm sd810 firmware
- canonical/qualcomm sd810
- canonical/qualcomm sd820 firmware
- canonical/qualcomm sd820
- canonical/qualcomm sd820a firmware
- canonical/qualcomm sd820a
- canonical/qualcomm sd835 firmware
- canonical/qualcomm sd835
- canonical/qualcomm sd845 firmware
- canonical/qualcomm sd845
- canonical/qualcomm sda660 firmware
- canonical/qualcomm sda660