CVE-2018-11284

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Mobile and Snapdragon Wear versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20

Description The issue allows spoofed SMS messages to be sent to a device, triggering a large number of registration updates with the server. This can lead to a flood of updates.

Recommendations For versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20, consider implementing rate limiting on registration updates to prevent flooding. As a temporary workaround, consider restricting the processing of SMS messages from unknown sources until a patch is available. Restrict access to the registration update mechanism to minimize the risk of exploitation.