CVE-2018-11855

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660

Description The issue arises when an end user utilizes the SCP11 sample OCE code without modification, potentially leading to a buffer overflow when transmitting a CAPDU. This affects various Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, and Snapdragon Mobile.

Recommendations For versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660, modify the SCP11 sample OCE code to prevent buffer overflow when transmitting a CAPDU. At the moment, there is no information about a newer version that contains a fix for this vulnerability.