PT-2018-10871 · Qualcomm · Snapdragon Wear+12

Published 2018-10-29 · Updated 2019-04-03 · CVE-2018-11870

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Qualcomm Snapdragon Automobile versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650
Qualcomm Snapdragon Mobile versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850
Qualcomm Snapdragon Wear versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650
Qualcomm QCA4531 version
Qualcomm QCA6174A version
Qualcomm QCA6574AU version
Qualcomm QCA6584 version
Qualcomm QCA6584AU version
Qualcomm QCA9377 version
Qualcomm QCA9378 version
Qualcomm QCA9379 version
Qualcomm SDA660 version
Qualcomm SDX20 version

Description

A buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates.

Recommendations

For Qualcomm Snapdragon Automobile versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm Snapdragon Mobile versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm Snapdragon Wear versions MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm QCA4531 version , update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm QCA6174A version , update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm QCA6574AU version , update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm QCA6584 version , update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm QCA6584AU version , update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm QCA9377 version , update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm QCA9378 version , update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm QCA9379 version , update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm SDA660 version , update the software to check the legacy rates count against the maximum number of legacy rates.
For Qualcomm SDX20 version , update the software to check the legacy rates count against the maximum number of legacy rates.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2018-11870

Affected Products

Qca4531
Qca6174A
Qca6574Au
Qca6584
Qca6584Au
Qca9377
Qca9378
Qca9379
Sda660
Sdx20
Snapdragon Automobile
Snapdragon Mobile
Snapdragon Wear