First published: Fri Jan 18 2019(Updated: )
While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Qualcomm MDM9206 | ||
Qualcomm MDM9206 firmware | ||
Qualcomm MD9607 Firmware | ||
Qualcomm MDM9607 firmware | ||
Qualcomm SD210 Firmware | ||
Qualcomm SD 210 Firmware | ||
Qualcomm SD 212 | ||
Qualcomm SD 212 Firmware | ||
Qualcomm 205 Firmware | ||
Qualcomm SD205 Firmware | ||
Qualcomm SD427 Firmware | ||
Qualcomm SD 427 firmware | ||
qualcomm sd435 firmware | ||
Qualcomm Snapdragon 435 | ||
Qualcomm SDM450 Firmware | ||
Qualcomm SDM450 | ||
Qualcomm SD 625 Firmware | ||
Qualcomm Snapdragon 625 | ||
Qualcomm SDM636 Firmware | ||
Qualcomm Snapdragon 636 | ||
Qualcomm SD835 Firmware | ||
Qualcomm Snapdragon 835 | ||
Qualcomm SDA660 | ||
Qualcomm SDA660 | ||
Qualcomm SDM630 | ||
Qualcomm SDM630 Firmware | ||
Qualcomm SD660 Firmware | ||
Qualcomm Snapdragon 660 | ||
Qualcomm Snapdragon High Med 2016 | ||
Qualcomm Snapdragon |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-11998 has been classified with a high severity score due to its potential for causing out-of-bounds memory access.
To fix CVE-2018-11998, ensure that your Qualcomm device firmware is updated to the latest version that addresses this vulnerability.
CVE-2018-11998 affects several Qualcomm Snapdragon Mobile and Wear devices including MDM9206, MDM9607, SD 210, SD 212, SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, and SDM660.
CVE-2018-11998 can potentially be exploited remotely due to the nature of the race condition in packet decoding.
Exploitation of CVE-2018-11998 could lead to unpredictable behavior or crashes in affected devices, possibly enabling unauthorized access.