First published: Mon Nov 05 2018(Updated: )
When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Qualcomm Mdm9206 Firmware | ||
Qualcomm Mdm9206 | ||
Google Android | ||
Qualcomm Mdm9607 | ||
Qualcomm Mdm9650 Firmware | ||
Qualcomm Mdm9650 | ||
Qualcomm Mdm9655 Firmware | ||
Qualcomm Mdm9655 | ||
Qualcomm Msm8909w Firmware | ||
Qualcomm Msm8909w | ||
Qualcomm Msm8996au Firmware | ||
Qualcomm Msm8996au | ||
Qualcomm Sd 210 Firmware | ||
Qualcomm Sd 210 | ||
Qualcomm Sd 212 Firmware | ||
Qualcomm Sd 212 | ||
Qualcomm Sd 205 Firmware | ||
Qualcomm Sd 205 | ||
Qualcomm Sd 600 Firmware | ||
Qualcomm Sd 600 | ||
Google Android | ||
Google Android | ||
Qualcomm Sd 820a Firmware | ||
Qualcomm Sd 820a | ||
Qualcomm Sd 835 Firmware | ||
Qualcomm Sd 835 | ||
Google Android | ||
Google Android | ||
Qualcomm Sdx20 Firmware | ||
Qualcomm Sdx20 | ||
Qualcomm Sdx24 Firmware | ||
Google Android | ||
Google Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-11996 is a vulnerability that occurs when a malformed command is sent to the device programmer, leading to an out-of-bounds access in Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear.
The severity of CVE-2018-11996 is rated as high, with a CVSS score of 7.8.
CVE-2018-11996 affects several software versions, including Qualcomm MDM9206 Firmware, MDM9607, MDM9650 Firmware, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, and SDX24.
To fix CVE-2018-11996, it is recommended to apply the security patches provided by Qualcomm and Google Android.
You can find more information about CVE-2018-11996 on the SecurityFocus website, Qualcomm Product Security Bulletins, and the Android Security Bulletin for November 2018.