CVE-2018-11291: Weak RNG
First published: Thu Sep 20 2018(Updated: )
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Qualcomm Ipq8074 Firmware | ||
| Qualcomm Ipq8074 | ||
| Qualcomm Mdm9206 Firmware | ||
| Qualcomm Mdm9206 | ||
| Qualcomm Mdm9607 Firmware | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Mdm9640 Firmware | ||
| Qualcomm Mdm9640 | ||
| Qualcomm Mdm9650 Firmware | ||
| Qualcomm Mdm9650 | ||
| Qualcomm Msm8996au Firmware | ||
| Qualcomm Msm8996au | ||
| Qualcomm Qca4531 Firmware | ||
| Qualcomm Qca4531 | ||
| Qualcomm Qca6174a Firmware | ||
| Qualcomm Qca6174a | ||
| Google Android | ||
| Qualcomm Qca6564 | ||
| Qualcomm Qca6574 Firmware | ||
| Qualcomm Qca6574 | ||
| Qualcomm Qca6574au Firmware | ||
| Qualcomm Qca6574au | ||
| Qualcomm Qca6584 Firmware | ||
| Qualcomm Qca6584 | ||
| Google Android | ||
| Qualcomm Qca6584au | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Qca9378 Firmware | ||
| Qualcomm Qca9378 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd425 Firmware | ||
| Qualcomm Sd425 | ||
| Qualcomm Sd427 Firmware | ||
| Qualcomm Sd427 | ||
| Qualcomm Sd430 Firmware | ||
| Qualcomm Sd430 | ||
| Qualcomm Sd435 Firmware | ||
| Qualcomm Sd435 | ||
| Qualcomm Sd450 Firmware | ||
| Qualcomm Sd450 | ||
| Qualcomm Sd600 Firmware | ||
| Qualcomm Sd600 | ||
| Qualcomm Sd625 Firmware | ||
| Qualcomm Sd625 | ||
| Qualcomm Sd650 Firmware | ||
| Qualcomm Sd650 | ||
| Qualcomm Sd652 Firmware | ||
| Qualcomm Sd652 | ||
| Qualcomm Sd810 Firmware | ||
| Qualcomm Sd810 | ||
| Qualcomm Sd820 Firmware | ||
| Qualcomm Sd820 | ||
| Qualcomm Sd820a Firmware | ||
| Qualcomm Sd820a | ||
| Qualcomm Sd835 Firmware | ||
| Qualcomm Sd835 | ||
| Qualcomm Sd845 Firmware | ||
| Qualcomm Sd845 | ||
| Qualcomm Sd850 Firmware | ||
| Qualcomm Sd850 | ||
| Qualcomm Sdm630 Firmware | ||
| Qualcomm Sdm630 | ||
| Qualcomm Sdm632 Firmware | ||
| Qualcomm Sdm632 | ||
| Qualcomm Sdm636 Firmware | ||
| Qualcomm Sdm636 | ||
| Qualcomm Sdm660 Firmware | ||
| Qualcomm Sdm660 | ||
| Qualcomm Sdx20 Firmware | ||
| Qualcomm Sdx20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-11291?
CVE-2018-11291 is a vulnerability in Snapdragon (Automobile, Mobile, Wear) devices.
What is the severity of CVE-2018-11291?
The severity of CVE-2018-11291 is high with a CVSS score of 7.5.
Which devices are affected by CVE-2018-11291?
CVE-2018-11291 affects Snapdragon (Automobile, Mobile, Wear) devices including IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, and more.
What is the fix for CVE-2018-11291?
To fix CVE-2018-11291, users should apply the necessary firmware updates provided by Qualcomm or Google.
Where can I find more information about CVE-2018-11291?
You can find more information about CVE-2018-11291 on the Android Security Bulletin for April 2019 and the SecurityFocus website.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- vendor/qualcomm
- canonical/qualcomm ipq8074 firmware
- canonical/qualcomm ipq8074
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm mdm9607
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm mdm9640
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm mdm9650
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm msm8996au
- canonical/qualcomm qca4531 firmware
- canonical/qualcomm qca4531
- canonical/qualcomm qca6174a firmware
- canonical/qualcomm qca6174a
- canonical/google android
- canonical/qualcomm qca6564
- canonical/qualcomm qca6574 firmware
- canonical/qualcomm qca6574
- canonical/qualcomm qca6574au firmware
- canonical/qualcomm qca6574au
- canonical/qualcomm qca6584 firmware
- canonical/qualcomm qca6584
- canonical/qualcomm qca6584au
- canonical/qualcomm qca9378 firmware
- canonical/qualcomm qca9378
- canonical/qualcomm sd425 firmware
- canonical/qualcomm sd425
- canonical/qualcomm sd427 firmware
- canonical/qualcomm sd427
- canonical/qualcomm sd430 firmware
- canonical/qualcomm sd430
- canonical/qualcomm sd435 firmware
- canonical/qualcomm sd435
- canonical/qualcomm sd450 firmware
- canonical/qualcomm sd450
- canonical/qualcomm sd600 firmware
- canonical/qualcomm sd600
- canonical/qualcomm sd625 firmware
- canonical/qualcomm sd625
- canonical/qualcomm sd650 firmware
- canonical/qualcomm sd650
- canonical/qualcomm sd652 firmware
- canonical/qualcomm sd652
- canonical/qualcomm sd810 firmware
- canonical/qualcomm sd810
- canonical/qualcomm sd820 firmware
- canonical/qualcomm sd820
- canonical/qualcomm sd820a firmware
- canonical/qualcomm sd820a
- canonical/qualcomm sd835 firmware
- canonical/qualcomm sd835
- canonical/qualcomm sd845 firmware
- canonical/qualcomm sd845
- canonical/qualcomm sd850 firmware
- canonical/qualcomm sd850
- canonical/qualcomm sdm630 firmware
- canonical/qualcomm sdm630
- canonical/qualcomm sdm632 firmware
- canonical/qualcomm sdm632
- canonical/qualcomm sdm636 firmware
- canonical/qualcomm sdm636
- canonical/qualcomm sdm660 firmware
- canonical/qualcomm sdm660
- canonical/qualcomm sdx20 firmware
- canonical/qualcomm sdx20
- vendor/google