CVE-2018-13897

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660

Description The issue results in an information exposure due to the client's hostname being added to the DNS record on devices running dnsmasq. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, and Snapdragon Wearables.

Recommendations For Qualcomm Snapdragon versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, consider disabling the dnsmasq service as a temporary workaround until a patch is available. Restrict access to the DNS records to minimize the risk of exploitation. Avoid using the vulnerable dnsmasq configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.