CVE-2018-11996: Out-of-bounds Read
First published: Mon Nov 05 2018(Updated: )
When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Qualcomm Mdm9206 Firmware | ||
| Qualcomm Mdm9206 | ||
| Google Android | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Mdm9650 Firmware | ||
| Qualcomm Mdm9650 | ||
| Qualcomm Mdm9655 Firmware | ||
| Qualcomm Mdm9655 | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Msm8996au | ||
| Qualcomm Sd 210 Firmware | ||
| Qualcomm Sd 210 | ||
| Qualcomm Sd 212 Firmware | ||
| Qualcomm Sd 212 | ||
| Qualcomm Sd 205 Firmware | ||
| Qualcomm Sd 205 | ||
| Qualcomm Sd 600 Firmware | ||
| Qualcomm Sd 600 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd 820a Firmware | ||
| Qualcomm Sd 820a | ||
| Qualcomm Sd 835 Firmware | ||
| Qualcomm Sd 835 | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sdx20 | ||
| Qualcomm Sdx24 Firmware | ||
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-11996?
CVE-2018-11996 is a vulnerability that occurs when a malformed command is sent to the device programmer, leading to an out-of-bounds access in Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear.
What is the severity of CVE-2018-11996?
The severity of CVE-2018-11996 is rated as high, with a CVSS score of 7.8.
Which software versions are affected by CVE-2018-11996?
CVE-2018-11996 affects several software versions, including Qualcomm MDM9206 Firmware, MDM9607, MDM9650 Firmware, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, and SDX24.
How can I fix CVE-2018-11996?
To fix CVE-2018-11996, it is recommended to apply the security patches provided by Qualcomm and Google Android.
Where can I find more information about CVE-2018-11996?
You can find more information about CVE-2018-11996 on the SecurityFocus website, Qualcomm Product Security Bulletins, and the Android Security Bulletin for November 2018.
- collector/android-source
- collector/nvd-index
- vendor/google
- canonical/google android
- vendor/qualcomm
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9607
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm mdm9650
- canonical/qualcomm mdm9655 firmware
- canonical/qualcomm mdm9655
- canonical/qualcomm msm8996au
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 210
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 205 firmware
- canonical/qualcomm sd 205
- canonical/qualcomm sd 600 firmware
- canonical/qualcomm sd 600
- canonical/qualcomm sd 820a firmware
- canonical/qualcomm sd 820a
- canonical/qualcomm sd 835 firmware
- canonical/qualcomm sd 835
- canonical/qualcomm sdx20
- canonical/qualcomm sdx24 firmware