PT-2019-8848 · Qualcomm · Qualcomm Snapdragon

Published

2019-04-04

Updated

2019-10-03

CVE-2018-11970

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130

Description The issue concerns unprotected dynamic allocations in the TZ App from the XBL loader in various Qualcomm Snapdragon products.

Recommendations For Qualcomm Snapdragon in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-11970

Affected Products

Qualcomm Snapdragon

PT-2019-8848 · Qualcomm · Qualcomm Snapdragon

CVE-2018-11970

Related Identifiers

Affected Products

References · 2