First published: Mon Jun 03 2019(Updated: )
Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Qualcomm MDM9206 | ||
Qualcomm MDM9206 firmware | ||
Qualcomm MD9607 Firmware | ||
Qualcomm MDM9607 firmware | ||
Qualcomm MDM9650 | ||
Qualcomm MDM9650 firmware | ||
Qualcomm MDM9655 firmware | ||
Qualcomm MDM9655 firmware | ||
qualcomm MSM8996AU firmware | ||
Qualcomm MSM8996AU Firmware | ||
Qualcomm QCS404 Firmware | ||
Qualcomm QCS404 Firmware | ||
Qualcomm QCS605 | ||
Qualcomm QCS605 Firmware | ||
Qualcomm SD410 Firmware | ||
Qualcomm Snapdragon 410 | ||
Qualcomm SD412 Firmware | ||
Qualcomm SD412 | ||
Qualcomm SDM636 Firmware | ||
Qualcomm Snapdragon 636 | ||
Qualcomm Snapdragon 712 Firmware | ||
Qualcomm Snapdragon 712 | ||
Qualcomm SD710 Firmware | ||
Qualcomm Snapdragon 710 | ||
Qualcomm SD 670 | ||
Qualcomm SDM670 | ||
Qualcomm SD820 Firmware | ||
Qualcomm SD820 Firmware | ||
Qualcomm SD820A Firmware | ||
Qualcomm SD820A Firmware | ||
Qualcomm SD835 Firmware | ||
Qualcomm Snapdragon 835 | ||
Qualcomm SDA845 Firmware | ||
Qualcomm SD845 | ||
Qualcomm SD850 Firmware | ||
Qualcomm SD850 | ||
Qualcomm SD855 Firmware | ||
Qualcomm SD855 Firmware | ||
Qualcomm SD 8cx firmware | ||
Qualcomm Snapdragon 8cx | ||
Qualcomm SDA660 | ||
Qualcomm SDA660 | ||
Qualcomm SDM630 | ||
Qualcomm SDM630 Firmware | ||
Qualcomm SD660 Firmware | ||
Qualcomm Snapdragon 660 | ||
Qualcomm SXR1130 | ||
Qualcomm SXR1130 Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-13927 refers to a vulnerability where debug policy with an invalid signature can be loaded even when the debug policy functionality is disabled in certain Qualcomm products.
CVE-2018-13927 affects Google Android, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9650 Firmware, and several other Qualcomm products.
CVE-2018-13927 has a severity rating of 7.8 (out of 10), which is considered critical.
The CWE ID for CVE-2018-13927 is CWE-287, which refers to an Improper Authentication vulnerability.
You can find more information about CVE-2018-13927 in the Android Security Bulletin for June 2019 and the Qualcomm Product Security Bulletins.