CVE-2018-11864

Name of the Vulnerable Software and Affected Versions Snapdragon Auto versions IPQ8074 Snapdragon Compute versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, QCS605 Snapdragon Connectivity versions QCA8081 Snapdragon Consumer Electronics Connectivity versions SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670 Snapdragon Consumer IOT versions SDM439, SDM630, SDM660 Snapdragon Industrial IOT versions SDA660, SXR1130 Snapdragon Mobile versions MSM8996AU, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX Snapdragon Voice & Music versions Snapdragon High Med 2016 Snapdragon Wired Infrastructure and Networking versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655

Description The issue allows bytes to be written to fuses from the Secure region, which can be read later by HLOS. This affects various Snapdragon products.

Recommendations For Snapdragon Auto version IPQ8074, update to a version that includes a fix for this issue. For Snapdragon Compute versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, QCS605, apply configuration changes to restrict access to the Secure region. For Snapdragon Connectivity version QCA8081, avoid using the vulnerable function until a patch is available. For Snapdragon Consumer Electronics Connectivity versions SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, restrict access to the vulnerable module to minimize the risk of exploitation. For Snapdragon Consumer IOT versions SDM439, SDM630, SDM660, consider disabling the vulnerable parameter until a fix is available. For Snapdragon Industrial IOT versions SDA660, SXR1130, update to a version that includes a fix for this issue. For Snapdragon Mobile versions MSM8996AU, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, apply configuration changes to restrict access to the Secure region. For Snapdragon Voice & Music version Snapdragon High Med 2016, avoid using the vulnerable function until a patch is available. For Snapdragon Wired Infrastructure and Networking versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, restrict access to the vulnerable module to minimize the risk of exploitation.