CVE-2018-11277
First published: Thu Sep 20 2018(Updated: )
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Msm8996au | ||
| Qualcomm Sd210 Firmware | ||
| Google Android | ||
| Qualcomm Sd212 Firmware | ||
| Qualcomm Sd212 | ||
| Qualcomm Sd205 Firmware | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd450 Firmware | ||
| Qualcomm Sd450 | ||
| Qualcomm Sd615 Firmware | ||
| Qualcomm Sd615 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd415 Firmware | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd617 | ||
| Qualcomm Sd625 Firmware | ||
| Qualcomm Sd625 | ||
| Google Android | ||
| Qualcomm Sd650 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd810 Firmware | ||
| Qualcomm Sd810 | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd835 Firmware | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-11277?
CVE-2018-11277 is a vulnerability in Snapdragon (Automobile, Mobile, Wear) in certain firmware versions that allows an attacker to execute arbitrary code within the context of the privileged com.qualcomm.embms process.
How severe is CVE-2018-11277?
CVE-2018-11277 has a severity score of 7.8 out of 10, indicating a high severity vulnerability.
How does CVE-2018-11277 affect Qualcomm devices?
CVE-2018-11277 affects Qualcomm devices running the vulnerable firmware versions of Snapdragon (Automobile, Mobile, Wear), including MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, and SDA660.
How can I fix CVE-2018-11277?
To fix CVE-2018-11277, users should apply the latest firmware updates provided by Qualcomm and follow the recommendations outlined in their security bulletin.
Where can I find more information about CVE-2018-11277?
More information about CVE-2018-11277 can be found in the security bulletin published by Qualcomm on their website.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/event
- vendor/qualcomm
- canonical/google android
- canonical/qualcomm msm8996au
- canonical/qualcomm sd210 firmware
- canonical/qualcomm sd212 firmware
- canonical/qualcomm sd212
- canonical/qualcomm sd205 firmware
- canonical/qualcomm sd450 firmware
- canonical/qualcomm sd450
- canonical/qualcomm sd615 firmware
- canonical/qualcomm sd615
- canonical/qualcomm sd415 firmware
- canonical/qualcomm sd617
- canonical/qualcomm sd625 firmware
- canonical/qualcomm sd625
- canonical/qualcomm sd650
- canonical/qualcomm sd810 firmware
- canonical/qualcomm sd810
- canonical/qualcomm sd835 firmware