CVE-2018-11277

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660

Description The issue is related to the com.qualcomm.embms vendor package in the system image, which has an inadequate permission level. This allows any application installed from the Play Store to request this permission at install-time, potentially leading to an access control issue. The system application interfaces with the Radio Interface Layer.

Recommendations For Qualcomm Snapdragon versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, consider restricting access to the com.qualcomm.embms package to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.