CVE-2018-11945

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MDM9150 through MDM9655 Qualcomm Snapdragon versions MSM8909W through MSM8996AU Qualcomm Snapdragon versions QCS605 Qualcomm Snapdragon versions SD 210/SD 212/SD 205 through SD 8CX Qualcomm Snapdragon versions SDA660 Qualcomm Snapdragon versions SDM439 through SDM660 Qualcomm Snapdragon versions SDX20 Qualcomm Snapdragon versions Snapdragon High Med 2016 Qualcomm Snapdragon versions SXR1130

Description The issue is related to improper input validation in the wireless service messaging module for data received from broadcast messages, which can lead to a heap overflow. This affects various Qualcomm Snapdragon products.

Recommendations For versions MDM9150 through MDM9655, update to a version that includes the fix for the improper input validation issue. For versions MSM8909W through MSM8996AU, update to a version that includes the fix for the improper input validation issue. For version QCS605, update to a version that includes the fix for the improper input validation issue. For versions SD 210/SD 212/SD 205 through SD 8CX, update to a version that includes the fix for the improper input validation issue. For version SDA660, update to a version that includes the fix for the improper input validation issue. For versions SDM439 through SDM660, update to a version that includes the fix for the improper input validation issue. For version SDX20, update to a version that includes the fix for the improper input validation issue. For version Snapdragon High Med 2016, update to a version that includes the fix for the improper input validation issue. For version SXR1130, update to a version that includes the fix for the improper input validation issue.