CVE-2018-5839

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS605, SD 636, SD 675, SD 712, SD 710, SD 670, SD 820, SD 820A, SD 835, SD 845, SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SXR1130.

Description: The issue arises from improperly configured memory protection, allowing unauthorized read/write access to the modem image from the HLOS kernel. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, and Snapdragon Mobile.

Recommendations: For versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS605, SD 636, SD 675, SD 712, SD 710, SD 670, SD 820, SD 820A, SD 835, SD 845, SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SXR1130, consider restricting access to sensitive memory areas to prevent unauthorized access until a patch is available. As a temporary workaround, consider disabling any unnecessary features that may utilize the improperly configured memory protection until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.