CVE-2018-13906

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions (affected versions not specified)

Description The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis, potentially allowing forged application messages. This issue affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, and others, across a range of IPQ, MDM, MSM, QCA, QCS, SD, and other series.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.