What is the severity of CVE-2018-13887?

CVE-2018-13887 is classified as a critical vulnerability due to its potential impact on device functionality and security.

How do I fix CVE-2018-13887?

To address CVE-2018-13887, users should apply the latest firmware updates provided by Qualcomm or their device manufacturer.

Which devices are affected by CVE-2018-13887?

CVE-2018-13887 impacts various Qualcomm platforms including Snapdragon Auto, Compute, Consumer IOT, and Wearables.

What are the risks associated with CVE-2018-13887?

The risks include potential unauthorized access and execution of arbitrary code due to integer overflow caused by untrusted header fields.

Is there a workaround for CVE-2018-13887?

Currently, the recommended method to mitigate CVE-2018-13887 is to ensure that your device uses the updated firmware to patch the vulnerability.

Vulnerability/
CVE-2018-13887

critical

CWE

190

1/4/2019

24/5/2019

26/8/2024

CVE-2018-13887: Integer Overflow

First published: Mon Apr 01 2019(Updated: )

Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Qualcomm MDM9150 firmware
Qualcomm MDM9150
Qualcomm MDM9206 firmware
Qualcomm MDM9206
Qualcomm MDM9607 firmware
Qualcomm MDM9607
Qualcomm MDM9635M firmware
Qualcomm MDM9635M
Qualcomm MDM9650 firmware
Qualcomm MDM9650
Qualcomm MDM9655 firmware
Qualcomm MDM9655
Qualcomm MSM8909W
Qualcomm MSM8909W
Qualcomm QCS605 firmware
Qualcomm QCS605
Qualcomm qm215 firmware
Qualcomm qm215
qualcomm SD 210 firmware
qualcomm SD 210
qualcomm SD 212 firmware
qualcomm SD 212
qualcomm SD 205 firmware
qualcomm SD 205
qualcomm SD 425 firmware
qualcomm SD 425
Qualcomm SD 427 firmware
Qualcomm SD 427
Qualcomm SD 430 firmware
Qualcomm SD 430
Qualcomm SD 435 firmware
Qualcomm SD 435
Qualcomm SD 439 firmware
Qualcomm SD 439
Qualcomm SD 429 firmware
Qualcomm SD 429
Qualcomm SD 450 firmware
Qualcomm SD 450
qualcomm SD 600 firmware
qualcomm SD 600
qualcomm SD 625 firmware
qualcomm SD 625
Qualcomm SD 632 firmware
Qualcomm SD 632
qualcomm SD 636 firmware
qualcomm SD 636
qualcomm SD 675 firmware
qualcomm SD 675
qualcomm SD 712 firmware
qualcomm SD 712
qualcomm SD 710 firmware
qualcomm SD 710
qualcomm SD 670 firmware
qualcomm SD 670
qualcomm SD 835 firmware
qualcomm SD 835
qualcomm SD 845 firmware
qualcomm SD 845
qualcomm SD 850 firmware
qualcomm SD 850
qualcomm SDA660 firmware
qualcomm SDA660
qualcomm SDM439 firmware
qualcomm SDM439
qualcomm SDM630 firmware
qualcomm SDM630
qualcomm SDM660 firmware
qualcomm SDM660
Qualcomm SDX20 Firmware
Qualcomm SDX20 Firmware
Qualcomm SM7150 Firmware
qualcomm SM7150 firmware
Qualcomm SXR1130 Firmware
Qualcomm SXR1130
Android

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-13887?
CVE-2018-13887 is classified as a critical vulnerability due to its potential impact on device functionality and security.
How do I fix CVE-2018-13887?
To address CVE-2018-13887, users should apply the latest firmware updates provided by Qualcomm or their device manufacturer.
Which devices are affected by CVE-2018-13887?
CVE-2018-13887 impacts various Qualcomm platforms including Snapdragon Auto, Compute, Consumer IOT, and Wearables.
What are the risks associated with CVE-2018-13887?
The risks include potential unauthorized access and execution of arbitrary code due to integer overflow caused by untrusted header fields.
Is there a workaround for CVE-2018-13887?
Currently, the recommended method to mitigate CVE-2018-13887 is to ensure that your device uses the updated firmware to patch the vulnerability.