PT-2018-17235 · Qualcomm · Snapdragon Wear+1
Publicado
2018-10-26
·
Atualizado
2019-01-23
·
CVE-2018-5914
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Snapdragon Mobile versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660
Snapdragon Wear versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660
Description:
The issue arises from improper input validation in the TZ, leading to an array out of bounds condition in the TZ function. This occurs when accessing peripheral details using incoming data.
Recommendations:
For Snapdragon Mobile versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660, consider implementing proper input validation to prevent array out of bounds conditions.
For Snapdragon Wear versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660, consider implementing proper input validation to prevent array out of bounds conditions.
At the moment, there is no information about a newer version that contains a fix for this issue.
Correção
Improper Validation of Array Index
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Snapdragon Mobile
Snapdragon Wear