PT-2018-4145 · Qualcomm+1 · Snapdragon Automobile+3
Published
2018-04-18
·
Updated
2018-05-09
·
CVE-2014-10054
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 2018-04-05 security patch level
Description
The issue is related to a lack of input validation on BT HCI commands processing, which allows privilege escalation. This affects Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear devices with specific chipsets, including MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20.
Recommendations
For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Snapdragon Automobile
Snapdragon Mobile
Snapdragon Wear