What is the severity of CVE-2018-19860?

CVE-2018-19860 has a high severity rating due to its potential to allow remote code execution via Bluetooth.

How do I fix CVE-2018-19860?

To fix CVE-2018-19860, update the affected Broadcom firmware versions to the latest that address this vulnerability.

Which devices are affected by CVE-2018-19860?

CVE-2018-19860 affects certain Broadcom firmware used in devices like the Nexus 5 and Raspberry Pi 3 among others.

What kind of issue is CVE-2018-19860 classified as?

CVE-2018-19860 is classified as a memory corruption issue resulting from improper input validation in Bluetooth.

When was CVE-2018-19860 disclosed?

CVE-2018-19860 was disclosed in May 2019 as part of the Android security bulletin.

Vulnerability/
CVE-2018-19860

high

8.8

CWE

20 732

6/5/2019

7/6/2019

26/8/2024

CVE-2018-19860: Input Validation

First published: Mon May 06 2019(Updated: )

Bluetooth. A memory corruption issue was addressed with improved input validation.

Credit: CVE-2018-19860 cve@mitre.org

Affected Software	Affected Version	How to fix
macOS Mojave	<10.14.6	10.14.6
macOS High Sierra
macOS High Sierra
Android
Broadcom BCM4335C0	=2012-12-11
Broadcom BCM4335C0
Broadcom Bcm43438a1	=2014-06-02
Broadcom Bcm43438a1 Firmware
Cypress Cyw20702a1kwfbg
Cypress Cyw20702a1kwfbg Firmware
Cypress Cyw20702a1kwfbgt
Cypress Cyw20702a1kwfbgt Firmware
Cypress Cyw20702b0kwfbg
Cypress Cyw20702b0kwfbg Firmware
Cypress Cyw20702b0kwfbgt Firmware
Cypress Cyw20702b0kwfbgt Firmware
Cypress Cyw20703ua1kffb1g
Cypress Cyw20703ua1kffb1g Firmware
Cypress Cyw20703ua1kffb1gt
Cypress Cyw20703ua1kffb1gt Firmware
Cypress Cyw20704ua1kffb1g
Cypress Cyw20704ua2kffb1g Firmware
Cypress Cyw20704ua1kffb1gt
Cypress Cyw20704ua1kffb1gt Firmware
Cypress Cyw20704ua2kffb1g
Cypress Cyw20704ua2kffb1g Firmware
Cypress Cyw20704ua2kffb1gt
Cypress Cyw20704ua2kffb1gt Firmware
Cypress CYW20705A1KWFBGT
Cypress CYW20705A1KWFBGT
Cypress Cyw20705b0kwfbg
Cypress Cyw20705b0kwfbg Firmware
Cypress Cyw20705b0kwfbgt
Cypress Cyw20705b0kwfbgt Firmware
Cypress Cyw20706ua1kffb4g Firmware
Cypress Cyw20706ua1kffb1g Firmware
Cypress Cyw20706ua1kffb1gt Firmware
Cypress Cyw20706ua1kffb1gt Firmware
Cypress Cyw20706ua1kffb4g Firmware
Cypress Cyw20706ua1kffb4g Firmware
Cypress Cyw20706ua2kffb4g
Cypress Cyw20706ua2kffb4g Firmware
Cypress CYW20706UA2KFFB4GT
Cypress CYW20706UA2KFFB4GT
Cypress Cyw20707a2kubgt
Cypress Cyw20707a2kubgt Firmware
Cypress Cyw20707ua1kffb1g
Cypress Cyw20707ua1kffb1g Firmware
Cypress Cyw20707ua1kffb4gt
Cypress Cyw20707ua1kffb4g Firmware
Cypress Cyw20707ua1kffb4gt
Cypress Cyw20707ua1kffb4gt Firmware
Cypress Cyw20707ua2kffb4g
Cypress Cyw20707ua2kffb4g Firmware
Cypress Cyw20707ua2kffb4g
Cypress Cyw20707ua2kffb4gt Firmware
Cypress Cyw20707va1pkwbgt Firmware
Cypress Cyw20707va1pkwbgt Firmware
Cypress Cyw20707va2pkwbgt
Cypress Cyw20707va2pkwbgt Firmware
Cypress Cyw20730a1kfbg
Cypress Cyw20730a1kfbg Firmware
Cypress CYW20730A1KFBGT
Cypress Cyw20730a2kfbgt Firmware
Cypress Cyw20730a1kml2g
Cypress Cyw20730a1kml2g Firmware
Cypress Cyw20730a1kml2gt
Cypress Cyw20730a1kml2gt Firmware
Cypress Cyw20730a1kmlg
Cypress Cyw20730a1kmlg Firmware
Cypress Cyw20730a1kmlgt
Cypress Cyw20730a1kmlgt Firmware
Cypress CYW20730
Cypress CYW20730
Cypress Cyw20730a2kfbgt
Cypress Cyw20730a2kfbgt Firmware
Cypress Cyw20730a2kml2g
Cypress Cyw20730a2kml2g Firmware
Cypress Cyw20730a2kml2g
Cypress Cyw20730a2kml2gt Firmware
Cypress Cyw20733a1kfb1gt
Cypress Cyw20733a1kfb1gt Firmware
Cypress Cyw20733a2kfb1g Firmware
Cypress CYW20733A2KFB1G
Cypress Cyw20733a2kfb1gt
Cypress Cyw20733a2kfb1gt Firmware
Cypress Cyw20733a2kml1gt
Cypress Cyw20733a2kml1g Firmware
Cypress Cyw20733a2kml1gt
Cypress Cyw20733a2kml1gt Firmware
Cypress Cyw20733a3kfb1g
Cypress Cyw20733a3kfb1g Firmware
Cypress Cyw20733a3kfb1gt
Cypress Cyw20733a3kfb1gt Firmware
Cypress Cyw20733a3kfb2gt
Cypress Cyw20733a3kfb2gt Firmware
Cypress CYW20733A3KML1GT
Cypress Cyw20733a3kml1g Firmware
Cypress CYW20733A3KML1GT
Cypress CYW20733A3KML1GT
Cypress CYW20734
Cypress CYW20734
Cypress Cyw20734ua1kffb3gt
Cypress Cyw20734ua1kffb3gt Firmware
Cypress Cyw20734ua2kffb3g
Cypress Cyw20734ua2kffb3g Firmware
Cypress Cyw20734ua2kffb3gt
Cypress Cyw20734ua2kffb3gt Firmware
Cypress Cyw43438kubgt
Cypress Cyw43438kubgt Firmware
Cypress Cyw4343w1kubgt
Cypress Cyw4343w1kubgt Firmware
Cypress Cyw4343wkubgt
Cypress Cyw4343wkubgt Firmware
Cypress Cyw4343wkwbgt Firmware
Cypress Cyw4343wkwbgt Firmware
Cypress Cyw4354kkwbgt
Cypress Cyw4354kkwbgt Firmware
Cypress Cyw4354xkubgt
Cypress Cyw4354xkubgt Firmware
Cypress Cyw89071a1cubxgt Firmware
Cypress Cyw89071a1cubxgt Firmware
Cypress CYW89072BRFB5G
Cypress Cyw89072brfb5g Firmware
Cypress Cyw89072brfb5gt
Cypress Cyw89072brfb5gt Firmware
Cypress Cyw89335l2cubgt
Cypress Cyw89335l2cubgt Firmware
Cypress Cyw89335lcubgt
Cypress Cyw89335lcubgt Firmware

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

HT210348

Frequently Asked Questions

What is the severity of CVE-2018-19860?
CVE-2018-19860 has a high severity rating due to its potential to allow remote code execution via Bluetooth.
How do I fix CVE-2018-19860?
To fix CVE-2018-19860, update the affected Broadcom firmware versions to the latest that address this vulnerability.
Which devices are affected by CVE-2018-19860?
CVE-2018-19860 affects certain Broadcom firmware used in devices like the Nexus 5 and Raspberry Pi 3 among others.
What kind of issue is CVE-2018-19860 classified as?
CVE-2018-19860 is classified as a memory corruption issue resulting from improper input validation in Bluetooth.
When was CVE-2018-19860 disclosed?
CVE-2018-19860 was disclosed in May 2019 as part of the Android security bulletin.