CVE-2018-11999

Name of the Vulnerable Software and Affected Versions Qualcomm TrustZone versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24

Description The issue is related to insufficient input validation in the Qualcomm TrustZone component of the Android operating system. This can lead to a denial of service. The vulnerability affects various Snapdragon products, including automobile, mobile, and wear devices.

Recommendations For versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24, consider disabling the TrustZone component until a patch is available. As a temporary workaround, restrict access to the TrustZone component to minimize the risk of exploitation. Avoid using the vulnerable TrustZone component in the affected Snapdragon products until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.