PT-2018-5319 · Qualcomm+1 · Qualcomm Snapdragon+1
Published
2018-07-06
·
Updated
2018-09-04
·
CVE-2017-11088
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Qualcomm Snapdragon versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845
Description
A SQL injection issue exists due to improper input validation in the Linux io-prefetch component. This could potentially allow for unauthorized access or control.
Recommendations
For versions MSM8909W, apply the necessary security patches to fix the SQL injection vulnerability.
For versions MSM8996AU, update the io-prefetch component to prevent improper input validation.
For versions SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845, restrict access to sensitive data to minimize the risk of exploitation until a patch is available.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux
Qualcomm Snapdragon