What is the severity of CVE-2018-11970?

The severity of CVE-2018-11970 is high with a severity value of 7.

Which products are affected by CVE-2018-11970?

Google Android, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9607 Firmware, Qualcomm Mdm9650 Firmware, Qualcomm Mdm9655 Firmware, Qualcomm Qcs605 Firmware, Qualcomm Sd 410 Firmware, Qualcomm Sd 412 Firmware, Qualcomm Sd 636 Firmware, Qualcomm Sd 712 Firmware, Qualcomm Sd 710 Firmware, Qualcomm Sd 670 Firmware, Qualcomm Sd 845 Firmware, Qualcomm Sd 850 Firmware, Qualcomm Sd 8cx Firmware, Qualcomm Sda660 Firmware, Qualcomm Sdm630 Firmware, Qualcomm Sdm660 Firmware, Qualcomm Sxr1130 Firmware are affected by CVE-2018-11970.

How can I fix CVE-2018-11970?

Apply the necessary security patches provided by Google and Qualcomm for the affected products.

Where can I find more information about CVE-2018-11970?

You can find more information about CVE-2018-11970 in the Qualcomm Product Security Bulletins and the Android Security Bulletins.

Vulnerability/
CVE-2018-11970

high

7.8

4/3/2019

4/4/2019

26/8/2024

CVE-2018-11970

First published: Thu Apr 04 2019(Updated: )

TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Android
Qualcomm MDM9206
Qualcomm MDM9206 firmware
Qualcomm MD9607 Firmware
Qualcomm MDM9607 firmware
Qualcomm MDM9650
Qualcomm MDM9650 firmware
Qualcomm MDM9655 firmware
Qualcomm MDM9655 firmware
Qualcomm ZZ QCS605 firmware
Qualcomm QCS605 Firmware
Qualcomm SD410 Firmware
Qualcomm Snapdragon 410
Qualcomm SD412 Firmware
Qualcomm SD412
Qualcomm SDM636 Firmware
Qualcomm Snapdragon 636
Qualcomm Snapdragon 712 Firmware
Qualcomm Snapdragon 712
qualcomm sdm710 firmware
Qualcomm Snapdragon 710
Qualcomm SDM670 Firmware
Qualcomm SDM670
Qualcomm SDA845 Firmware
Qualcomm SD845
Qualcomm SD850 Firmware
Qualcomm SD850
Qualcomm SD 8cx firmware
Qualcomm Snapdragon 8cx
Qualcomm SDA660
Qualcomm SDA660
qualcomm SDM630 firmware
qualcomm SDM630
Qualcomm SD660 Firmware
Qualcomm Snapdragon 660
Qualcomm SXR1130
Qualcomm SXR1130 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-11970?
The severity of CVE-2018-11970 is high with a severity value of 7.
Which products are affected by CVE-2018-11970?
Google Android, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9607 Firmware, Qualcomm Mdm9650 Firmware, Qualcomm Mdm9655 Firmware, Qualcomm Qcs605 Firmware, Qualcomm Sd 410 Firmware, Qualcomm Sd 412 Firmware, Qualcomm Sd 636 Firmware, Qualcomm Sd 712 Firmware, Qualcomm Sd 710 Firmware, Qualcomm Sd 670 Firmware, Qualcomm Sd 845 Firmware, Qualcomm Sd 850 Firmware, Qualcomm Sd 8cx Firmware, Qualcomm Sda660 Firmware, Qualcomm Sdm630 Firmware, Qualcomm Sdm660 Firmware, Qualcomm Sxr1130 Firmware are affected by CVE-2018-11970.
How can I fix CVE-2018-11970?
Apply the necessary security patches provided by Google and Qualcomm for the affected products.
Where can I find more information about CVE-2018-11970?
You can find more information about CVE-2018-11970 in the Qualcomm Product Security Bulletins and the Android Security Bulletins.
What is the vulnerability description of CVE-2018-11970?
TZ App dynamic allocations are not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845, SD 850, SD 8cx, SDA660, SDM630, SDM660, SXR1130, which allows an attacker to execute arbitrary code.

agent/type
agent/author
agent/severity
agent/description
agent/references
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/last-modified-date
agent/event
agent/source
collector/android-source
source/Android
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-index
vendor/google
canonical/android
vendor/qualcomm
canonical/qualcomm mdm9206
canonical/qualcomm mdm9206 firmware
canonical/qualcomm md9607 firmware
canonical/qualcomm mdm9607 firmware
canonical/qualcomm mdm9650
canonical/qualcomm mdm9650 firmware
canonical/qualcomm mdm9655 firmware
canonical/qualcomm zz qcs605 firmware
canonical/qualcomm qcs605 firmware
canonical/qualcomm sd410 firmware
canonical/qualcomm snapdragon 410
canonical/qualcomm sd412 firmware
canonical/qualcomm sd412
canonical/qualcomm sdm636 firmware
canonical/qualcomm snapdragon 636
canonical/qualcomm snapdragon 712 firmware
canonical/qualcomm snapdragon 712
canonical/qualcomm sdm710 firmware
canonical/qualcomm snapdragon 710
canonical/qualcomm sdm670 firmware
canonical/qualcomm sdm670
canonical/qualcomm sda845 firmware
canonical/qualcomm sd845
canonical/qualcomm sd850 firmware
canonical/qualcomm sd850
canonical/qualcomm sd 8cx firmware
canonical/qualcomm snapdragon 8cx
canonical/qualcomm sda660
canonical/qualcomm sdm630 firmware
canonical/qualcomm sdm630
canonical/qualcomm sd660 firmware
canonical/qualcomm snapdragon 660
canonical/qualcomm sxr1130
canonical/qualcomm sxr1130 firmware

CVE-2018-11970

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-11970?

Which products are affected by CVE-2018-11970?

How can I fix CVE-2018-11970?

Where can I find more information about CVE-2018-11970?

What is the vulnerability description of CVE-2018-11970?

Company

Resources

Contact