CVE-2018-5913

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions MDM9150 through MDM9655 Qualcomm Snapdragon Compute versions MDM9150 through MDM9655 Qualcomm Snapdragon Connectivity versions MDM9150 through MDM9655 Qualcomm Snapdragon Consumer Electronics Connectivity versions MDM9150 through MDM9655 Qualcomm Snapdragon Consumer IOT versions MDM9150 through MDM9655 Qualcomm Snapdragon Industrial IOT versions MDM9150 through MDM9655 Qualcomm Snapdragon IoT versions MDM9150 through MDM9655 Qualcomm Snapdragon Mobile versions MDM9150 through MDM9655 Qualcomm Snapdragon Voice & Music versions MDM9150 through MDM9655 Qualcomm Snapdragon Wearables versions MDM9150 through MDM9655 Qualcomm MDM9150 Qualcomm MDM9206 Qualcomm MDM9607 Qualcomm MDM9625 Qualcomm MDM9635M Qualcomm MDM9640 Qualcomm MDM9650 Qualcomm MDM9655 Qualcomm MSM8909W Qualcomm MSM8996AU Qualcomm QCS405 Qualcomm QCS605 Qualcomm 215 Qualcomm SD 210 Qualcomm SD 212 Qualcomm SD 205 Qualcomm SD 410 Qualcomm SD 412 Qualcomm SD 425 Qualcomm SD 427 Qualcomm SD 430 Qualcomm SD 435 Qualcomm SD 439 Qualcomm SD 429 Qualcomm SD 450 Qualcomm SD 615 Qualcomm SD 616 Qualcomm SD 415 Qualcomm SD 625 Qualcomm SD 632 Qualcomm SD 636 Qualcomm SD 650 Qualcomm SD 652 Qualcomm SD 675 Qualcomm SD 712 Qualcomm SD 710 Qualcomm SD 670 Qualcomm SD 730 Qualcomm SD 820 Qualcomm SD 820A Qualcomm SD 835 Qualcomm SD 845 Qualcomm SD 850 Qualcomm SD 855 Qualcomm SD 8CX Qualcomm SDA660 Qualcomm SDM439 Qualcomm SDM630 Qualcomm SDM660 Qualcomm Snapdragon High Med 2016 Qualcomm SXR1130

Description: A non-time constant function memcmp is used, which creates a side channel that could leak information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.