What is CVE-2018-11290?

CVE-2018-11290 is a vulnerability in Qualcomm Snapdragon devices that may allow an attacker to execute arbitrary code or gain elevated privileges.

How severe is CVE-2018-11290?

CVE-2018-11290 has a severity rating of 7.5, which is classified as high.

How can an attacker exploit CVE-2018-11290?

An attacker can exploit CVE-2018-11290 by exploiting a vulnerability in Qualcomm Snapdragon devices to execute arbitrary code or gain elevated privileges.

Are there any fixes available for CVE-2018-11290?

Yes, patches and updates are available from Qualcomm and Google to address the vulnerability CVE-2018-11290.

Vulnerability/
CVE-2018-11290

high

7.5

CWE

338

4/9/2018

26/8/2024

CVE-2018-11290: Weak RNG

First published: Tue Sep 04 2018(Updated: )

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Android
Qualcomm MDM9206
Qualcomm MDM9206 firmware
Qualcomm MD9607 Firmware
Qualcomm MDM9607 firmware
qualcomm mdm9640 firmware
Qualcomm MDM9640
Qualcomm MDM9650
Qualcomm MDM9650 firmware
qualcomm MSM8996AU firmware
Qualcomm MSM8996AU Firmware
Qualcomm QCA6574 Firmware
Qualcomm QCA6574AU
Qualcomm SD 210 Firmware
Qualcomm SD210 Firmware
Qualcomm SD 212 Firmware
Qualcomm SD 212
Qualcomm SD 205 Firmware
Qualcomm Snapdragon 205
Qualcomm SD425 Firmware
Qualcomm Snapdragon 425
Qualcomm SD427 Firmware
Qualcomm SD427 Firmware
Qualcomm SD 430 Firmware
Qualcomm Snapdragon 430
Qualcomm SD 435 firmware
Qualcomm Snapdragon 435
Qualcomm SD 450 Firmware
Qualcomm Snapdragon 450
Qualcomm SD 625 Firmware
Qualcomm Snapdragon 625
Qualcomm SD 650 Firmware
Qualcomm Snapdragon 650
Qualcomm SD 652 Firmware
Qualcomm SD652 Firmware
Qualcomm SD 820A firmware
Qualcomm SD820A Firmware
Qualcomm SD 845 Firmware
Qualcomm Snapdragon 845
Qualcomm SDM429W
Qualcomm SD429
qualcomm SDM439 firmware
Qualcomm SDM439 Firmware
qualcomm SDM630 firmware
qualcomm SDM630
Qualcomm SDM632
Qualcomm SDM632
Qualcomm SD 636 Firmware
Qualcomm SDM636 Firmware
Qualcomm SD660 Firmware
Qualcomm Snapdragon 660
Qualcomm SDX20 Firmware
Qualcomm SDX20 Firmware
Qualcomm QCA6584
Qualcomm QCA6584AU

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-11290?
CVE-2018-11290 is a vulnerability in Qualcomm Snapdragon devices that may allow an attacker to execute arbitrary code or gain elevated privileges.
How severe is CVE-2018-11290?
CVE-2018-11290 has a severity rating of 7.5, which is classified as high.
Which devices are affected by CVE-2018-11290?
Qualcomm Snapdragon devices including MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20 are affected by CVE-2018-11290.
How can an attacker exploit CVE-2018-11290?
An attacker can exploit CVE-2018-11290 by exploiting a vulnerability in Qualcomm Snapdragon devices to execute arbitrary code or gain elevated privileges.
Are there any fixes available for CVE-2018-11290?
Yes, patches and updates are available from Qualcomm and Google to address the vulnerability CVE-2018-11290.

CVE-2018-11290: Weak RNG

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-11290?

How severe is CVE-2018-11290?

Which devices are affected by CVE-2018-11290?

How can an attacker exploit CVE-2018-11290?

Are there any fixes available for CVE-2018-11290?

Company

Resources

Contact