CVE-2018-11290

Name of the Vulnerable Software and Affected Versions Snapdragon (Automobile, Mobile, Wear) versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon High Med 2016

Description The issue is related to a flawed Random Number Generator (RNG) used for MAC address randomization during probe requests, which is not performed properly.

Recommendations For Snapdragon (Automobile, Mobile, Wear) versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon High Med 2016, consider implementing a secure RNG to properly randomize MAC addresses during probe requests as a mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.