PT-2018-17235 · Qualcomm · Snapdragon Wear+1
Published
2018-10-26
·
Updated
2019-01-23
·
CVE-2018-5914
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Snapdragon Mobile versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660
Snapdragon Wear versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660
Description:
The issue arises from improper input validation in the TZ, leading to an array out of bounds condition in the TZ function. This occurs when accessing peripheral details using incoming data.
Recommendations:
For Snapdragon Mobile versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660, consider implementing proper input validation to prevent array out of bounds conditions.
For Snapdragon Wear versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660, consider implementing proper input validation to prevent array out of bounds conditions.
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snapdragon Mobile
Snapdragon Wear