CVE-2018-11966

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon High Med 2016, SXR1130

Description The issue is related to undefined behavior in User Equipment (UE) while processing unknown Information Element Identifier (IEI) in Over-The-Air (OTA) messages. This affects various Qualcomm Snapdragon products, including those used in automotive, compute, consumer IoT, industrial IoT, mobile, and wearables applications.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.