CVE-2018-13895

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto (affected versions not specified) Qualcomm Snapdragon Compute (affected versions not specified) Qualcomm Snapdragon Connectivity (affected versions not specified) Qualcomm Snapdragon Consumer IOT (affected versions not specified) Qualcomm Snapdragon Industrial IOT (affected versions not specified) Qualcomm Snapdragon IoT (affected versions not specified) Qualcomm Snapdragon Mobile (affected versions not specified) Qualcomm Snapdragon Wearables (affected versions not specified) MDM9150 (affected versions not specified) MDM9206 (affected versions not specified) MDM9607 (affected versions not specified) MDM9650 (affected versions not specified) MSM8909W (affected versions not specified) MSM8996AU (affected versions not specified) QCS605 (affected versions not specified) Qualcomm 215 (affected versions not specified) SD 210/SD 212/SD 205 (affected versions not specified) SD 425 (affected versions not specified) SD 439 / SD 429 (affected versions not specified) SD 450 (affected versions not specified) SD 615/16/SD 415 (affected versions not specified) SD 625 (affected versions not specified) SD 632 (affected versions not specified) SD 636 (affected versions not specified) SD 650/52 (affected versions not specified) SD 712 / SD 710 / SD 670 (affected versions not specified) SD 820 (affected versions not specified) SD 820A (affected versions not specified) SD 835 (affected versions not specified) SD 845 / SD 850 (affected versions not specified) SD 855 (affected versions not specified) SDA660 (affected versions not specified) SDM439 (affected versions not specified) SDM630 (affected versions not specified) SDM660 (affected versions not specified) SDX20 (affected versions not specified)

Description The issue arises from missing permissions on several content providers of the RCS app in its Android manifest file, leading to unprivileged access to the phone. This affects various Qualcomm Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, and Wearables, as well as specific models such as MDM9150, MDM9206, and others.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.