CVE-2018-11976

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions prior to the fixed version Qualcomm Snapdragon Compute versions prior to the fixed version Qualcomm Snapdragon Connectivity versions prior to the fixed version Qualcomm Snapdragon Consumer Electronics Connectivity versions prior to the fixed version Qualcomm Snapdragon Consumer IOT versions prior to the fixed version Qualcomm Snapdragon Industrial IOT versions prior to the fixed version Qualcomm Snapdragon IoT versions prior to the fixed version Qualcomm Snapdragon Mobile versions prior to the fixed version Qualcomm Snapdragon Voice & Music versions prior to the fixed version Qualcomm Snapdragon Wearables versions prior to the fixed version Qualcomm Snapdragon Wired Infrastructure and Networking versions prior to the fixed version IPQ8074 version prior to the fixed version MDM9150 version prior to the fixed version MDM9206 version prior to the fixed version MDM9607 version prior to the fixed version MDM9650 version prior to the fixed version MDM9655 version prior to the fixed version MSM8909W version prior to the fixed version MSM8996AU version prior to the fixed version QCA8081 version prior to the fixed version QCS605 version prior to the fixed version Qualcomm 215 version prior to the fixed version SD 210/SD 212/SD 205 version prior to the fixed version SD 410/12 version prior to the fixed version SD 425 version prior to the fixed version SD 427 version prior to the fixed version SD 430 version prior to the fixed version SD 435 version prior to the fixed version SD 439 / SD 429 version prior to the fixed version SD 450 version prior to the fixed version SD 615/16/SD 415 version prior to the fixed version SD 625 version prior to the fixed version SD 632 version prior to the fixed version SD 636 version prior to the fixed version SD 650/52 version prior to the fixed version SD 712 / SD 710 / SD 670 version prior to the fixed version SD 820 version prior to the fixed version SD 820A version prior to the fixed version SD 835 version prior to the fixed version SD 845 / SD 850 version prior to the fixed version SD 8CX version prior to the fixed version SDA660 version prior to the fixed version SDM439 version prior to the fixed version SDM630 version prior to the fixed version SDM660 version prior to the fixed version Snapdragon High Med 2016 version prior to the fixed version SXR1130 version prior to the fixed version

Description The issue is related to the ECDSA signature code, which leaks private keys from the secure world to the non-secure world. This problem allows attackers to determine the contents of encrypted keys stored in the isolated enclave based on ARM TrustZone technology.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.