What is CVE-2018-11980?

CVE-2018-11980 is a vulnerability that occurs when a fake broadcast/multicast 11w rmf without mmie is received, leading to a buffer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industria.

What is the severity of CVE-2018-11980?

The severity of CVE-2018-11980 is rated as high with a severity value of 7.8.

How does CVE-2018-11980 affect the affected software?

CVE-2018-11980 affects various software such as Google Android, Qualcomm Apq8009, Qualcomm Apq8017, Qualcomm Apq8053, Qualcomm Apq8064, Qualcomm Apq8096au, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9207c, Qualcomm Mdm9607, Qualcomm Mdm9640 Firmware, Qualcomm Mdm9650 Firmware, Qualcomm Msm8937 Firmware, Qualcomm Msm8996au, Qualcomm MSM8998, Qualcomm Qca6174a, Qualcomm Qca6574au, Qualcomm Qca9377, Qualcomm Qca9379, Qualcomm Qcn7605, Qualcomm Qcs605 Firmware, Qualcomm Sdm630 Firmware, Qualcomm Sdm636, Qualcomm Sdm660 Firmware, Qualcomm Sdx20, Qualcomm Sdx24 Firmware, Qualcomm Sdx55 Firmware, Qualcomm Sm6150, Qualcomm Sm7150, Qualcomm Sm8150 Firmware, Qualcomm Sxr1130 Firmware.

How can I fix CVE-2018-11980?

To fix CVE-2018-11980, update your software to the latest version provided by the vendor and follow their recommended security patching process.

Where can I find more information about CVE-2018-11980?

You can find more information about CVE-2018-11980 on the Qualcomm Product Security Bulletin for December 2019, the commit ID ec08ee686651e4ae89314c754b2e5483b57db3e8 on Code Aurora, and the Android Security Bulletin for December 2019.

Vulnerability/
CVE-2018-11980

high

7.8

CWE

120 119

2/12/2019

18/12/2019

5/8/2024

CVE-2018-11980: Buffer Overflow

First published: Mon Dec 02 2019(Updated: )

When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow will happen in both cds_is_mmie_valid and qdf_nbuf_trim_tail in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8937, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDM630, SDM636, SDM660, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Google Android
Google Android
Qualcomm Apq8009
Google Android
Qualcomm Apq8017
Qualcomm Apq8053 Firmware
Qualcomm Apq8053
Google Android
Qualcomm Apq8064
Google Android
Google Android
Qualcomm Mdm9206 Firmware
Qualcomm Mdm9206
Google Android
Google Android
Google Android
Qualcomm Mdm9607
Qualcomm Mdm9640 Firmware
Qualcomm Mdm9640
Qualcomm Mdm9650 Firmware
Qualcomm Mdm9650
Qualcomm Msm8937 Firmware
Google Android
Qualcomm Msm8996au Firmware
Qualcomm Msm8996au
Google Android
Qualcomm MSM8998
Google Android
Google Android
Google Android
Qualcomm Qca6574au
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Qualcomm Qcs605 Firmware
Google Android
Qualcomm Sdm630 Firmware
Qualcomm Sdm630
Google Android
Qualcomm Sdm636
Qualcomm Sdm660 Firmware
Qualcomm Sdm660
Qualcomm Sdx20 Firmware
Qualcomm Sdx20
Qualcomm Sdx24 Firmware
Google Android
Qualcomm Sdx55 Firmware
Qualcomm Sdx55
Qualcomm Sm6150 Firmware
Qualcomm Sm6150
Qualcomm Sm7150 Firmware
Qualcomm Sm7150
Qualcomm Sm8150 Firmware
Qualcomm Sm8150
Qualcomm Sxr1130 Firmware
Qualcomm Sxr1130

Remedy

https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-11980?
CVE-2018-11980 is a vulnerability that occurs when a fake broadcast/multicast 11w rmf without mmie is received, leading to a buffer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industria.
What is the severity of CVE-2018-11980?
The severity of CVE-2018-11980 is rated as high with a severity value of 7.8.
How does CVE-2018-11980 affect the affected software?
CVE-2018-11980 affects various software such as Google Android, Qualcomm Apq8009, Qualcomm Apq8017, Qualcomm Apq8053, Qualcomm Apq8064, Qualcomm Apq8096au, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9207c, Qualcomm Mdm9607, Qualcomm Mdm9640 Firmware, Qualcomm Mdm9650 Firmware, Qualcomm Msm8937 Firmware, Qualcomm Msm8996au, Qualcomm MSM8998, Qualcomm Qca6174a, Qualcomm Qca6574au, Qualcomm Qca9377, Qualcomm Qca9379, Qualcomm Qcn7605, Qualcomm Qcs605 Firmware, Qualcomm Sdm630 Firmware, Qualcomm Sdm636, Qualcomm Sdm660 Firmware, Qualcomm Sdx20, Qualcomm Sdx24 Firmware, Qualcomm Sdx55 Firmware, Qualcomm Sm6150, Qualcomm Sm7150, Qualcomm Sm8150 Firmware, Qualcomm Sxr1130 Firmware.
How can I fix CVE-2018-11980?
To fix CVE-2018-11980, update your software to the latest version provided by the vendor and follow their recommended security patching process.
Where can I find more information about CVE-2018-11980?
You can find more information about CVE-2018-11980 on the Qualcomm Product Security Bulletin for December 2019, the commit ID ec08ee686651e4ae89314c754b2e5483b57db3e8 on Code Aurora, and the Android Security Bulletin for December 2019.