CVE-2018-11838: Double Free
First published: Mon Mar 02 2020(Updated: )
Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm APQ8053 | ||
| Qualcomm APQ8053 Firmware | ||
| Qualcomm MDM9640 Firmware | ||
| Qualcomm MDM9640 Firmware | ||
| Qualcomm SDA660 | ||
| Qualcomm SDA660 | ||
| Qualcomm SD 636 Firmware | ||
| Qualcomm SDM636 Firmware | ||
| Qualcomm SD660 Firmware | ||
| Qualcomm Snapdragon 660 | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX20 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=d98aa07b53021e269afa337e89408418103367be
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=815cf7b4de9bfe7ed77a04db5c3462d5a29b8e43
- https://source.android.com/docs/security/bulletin/2020-03-01 (Advisory)
- https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin
Frequently Asked Questions
What is the severity of CVE-2018-11838?
CVE-2018-11838 is considered a high-severity vulnerability due to the potential for a double free condition.
How do I fix CVE-2018-11838?
To fix CVE-2018-11838, it is recommended to apply the latest security patches provided by Qualcomm for the affected firmware.
What devices are affected by CVE-2018-11838?
CVE-2018-11838 affects devices using Qualcomm chipsets such as APQ8053, MDM9640, SDA660, SDM636, and others.
What impact does CVE-2018-11838 have on systems?
CVE-2018-11838 may lead to system crashes or unauthorized access due to incorrect memory handling.
Is CVE-2018-11838 related to wireless connectivity?
Yes, CVE-2018-11838 is associated with wireless LAN functionality in Qualcomm chipsets.
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm apq8053
- canonical/qualcomm apq8053 firmware
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm sda660
- canonical/qualcomm sd 636 firmware
- canonical/qualcomm sdm636 firmware
- canonical/qualcomm sd660 firmware
- canonical/qualcomm snapdragon 660
- canonical/qualcomm sdx20 firmware