CVE-2018-13925

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon High Med 2016, SXR1130

Description The issue is related to an error in parsing the PMT table, which causes a heap use after free problem. This occurs because the memory allocated for the map section is freed, but the context map section reference is not reset. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations For Qualcomm Snapdragon versions in the listed chipsets, update to a version that includes the fix for the heap use after free issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.