First published: Mon Feb 04 2019(Updated: )
Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
qualcomm ipq8074 firmware | ||
qualcomm IPQ8074 | ||
Qualcomm MDM9150 firmware | ||
Qualcomm MDM9150 | ||
Qualcomm MDM9206 firmware | ||
Qualcomm MDM9206 | ||
Qualcomm MDM9607 firmware | ||
Qualcomm MDM9607 | ||
Qualcomm MDM9650 firmware | ||
Qualcomm MDM9650 | ||
Qualcomm MDM9655 firmware | ||
Qualcomm MDM9655 | ||
Qualcomm MSM8996AU Firmware | ||
Qualcomm MSM8996AU Firmware | ||
qualcomm QCA8081 firmware | ||
qualcomm QCA8081 | ||
Qualcomm QCS605 firmware | ||
Qualcomm QCS605 | ||
qualcomm SD 210 firmware | ||
qualcomm SD 210 | ||
qualcomm SD 212 firmware | ||
qualcomm SD 212 | ||
qualcomm SD 205 firmware | ||
qualcomm SD 205 | ||
qualcomm sd 410 firmware | ||
qualcomm sd 410 | ||
qualcomm sd 412 firmware | ||
qualcomm sd 412 | ||
qualcomm SD 425 firmware | ||
qualcomm SD 425 | ||
Qualcomm SD 427 firmware | ||
Qualcomm SD 427 | ||
Qualcomm SD 430 firmware | ||
Qualcomm SD 430 | ||
Qualcomm SD 435 firmware | ||
Qualcomm SD 435 | ||
Qualcomm SD 439 firmware | ||
Qualcomm SD 439 | ||
Qualcomm SD 429 firmware | ||
Qualcomm SD 429 | ||
Qualcomm SD 450 firmware | ||
Qualcomm SD 450 | ||
qualcomm SD 625 firmware | ||
qualcomm SD 625 | ||
Qualcomm SD 632 firmware | ||
Qualcomm SD 632 | ||
qualcomm SD 636 firmware | ||
qualcomm SD 636 | ||
qualcomm sd 650 firmware | ||
qualcomm sd 650 | ||
qualcomm sd 652 firmware | ||
qualcomm sd 652 | ||
qualcomm SD 675 firmware | ||
qualcomm SD 675 | ||
qualcomm SD 712 firmware | ||
qualcomm SD 712 | ||
qualcomm SD 710 firmware | ||
qualcomm SD 710 | ||
qualcomm SD 670 firmware | ||
qualcomm SD 670 | ||
qualcomm SD 820 firmware | ||
qualcomm SD 820 | ||
qualcomm SD 820A firmware | ||
qualcomm SD 820A | ||
qualcomm SD 835 firmware | ||
qualcomm SD 835 | ||
qualcomm SD 845 firmware | ||
qualcomm SD 845 | ||
qualcomm SD 850 firmware | ||
qualcomm SD 850 | ||
qualcomm SD 8CX firmware | ||
qualcomm SD 8CX | ||
qualcomm SDA660 firmware | ||
qualcomm SDA660 | ||
qualcomm SDM439 firmware | ||
qualcomm SDM439 | ||
qualcomm SDM630 firmware | ||
qualcomm SDM630 | ||
qualcomm SDM660 firmware | ||
qualcomm SDM660 | ||
Qualcomm Snapdragon High Med 2016 Firmware | ||
Qualcomm Snapdragon High Med 2016 | ||
Qualcomm SXR1130 Firmware | ||
Qualcomm SXR1130 | ||
Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The CVE-2018-11289 vulnerability has a high severity level due to the potential for buffer overflow leading to arbitrary code execution.
To mitigate CVE-2018-11289, ensure that all affected firmware from Qualcomm is updated to the latest version provided by the vendor.
CVE-2018-11289 affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, and multiple firmware versions.
Exploitation of CVE-2018-11289 could lead to unauthorized access, data corruption, or system crashes due to the buffer overflow.
As of the last reports, there are no confirmed active exploits for CVE-2018-11289, but it remains a critical vulnerability that should be addressed promptly.