CVE-2018-13900

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions MDM9150 through MDM9650 Qualcomm Snapdragon versions MSM8909W through MSM8996AU Qualcomm Snapdragon versions QCS605 Qualcomm Snapdragon versions SD 210 through SD 212 Qualcomm Snapdragon versions SD 205 Qualcomm Snapdragon versions SD 425 through SD 427 Qualcomm Snapdragon versions SD 430 through SD 439 Qualcomm Snapdragon versions SD 429 Qualcomm Snapdragon versions SD 450 Qualcomm Snapdragon versions SD 625 Qualcomm Snapdragon versions SD 636 Qualcomm Snapdragon versions SD 670 through SD 712 Qualcomm Snapdragon versions SD 710 Qualcomm Snapdragon versions SD 820 through SD 820A Qualcomm Snapdragon versions SD 835 Qualcomm Snapdragon versions SD 845 through SD 850 Qualcomm Snapdragon versions SD 855 Qualcomm Snapdragon versions SDA660 Qualcomm Snapdragon versions SDM439 Qualcomm Snapdragon versions SDM630 Qualcomm Snapdragon versions SDM660 Qualcomm Snapdragon versions SDX20 Qualcomm Snapdragon versions SDX24

Description A use-after-free issue occurs due to the lack of protection for the route table's rule in the IPA driver. This issue affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables.

Recommendations For versions MDM9150 through MDM9650, consider disabling the IPA driver until a patch is available. For versions MSM8909W through MSM8996AU, restrict access to the route table to minimize the risk of exploitation. For version QCS605, avoid using the vulnerable IPA driver functionality until the issue is resolved. For versions SD 210 through SD 212, and SD 205, temporarily disable the IPA driver to prevent potential attacks. For versions SD 425 through SD 427, and SD 430 through SD 439, apply configuration changes to limit the IPA driver's access to sensitive data. For version SD 429, restrict the use of the IPA driver to minimize the risk of exploitation. For version SD 450, consider disabling the IPA driver until a patch is available. For version SD 625, avoid using the vulnerable IPA driver functionality until the issue is resolved. For version SD 636, temporarily disable the IPA driver to prevent potential attacks. For versions SD 670 through SD 712, and SD 710, apply configuration changes to limit the IPA driver's access to sensitive data. For versions SD 820 through SD 820A, restrict access to the route table to minimize the risk of exploitation. For version SD 835, consider disabling the IPA driver until a patch is available. For versions SD 845 through SD 850, avoid using the vulnerable IPA driver functionality until the issue is resolved. For version SD 855, temporarily disable the IPA driver to prevent potential attacks. For version SDA660, restrict the use of the IPA driver to minimize the risk of exploitation. For version SDM439, apply configuration changes to limit the IPA driver's access to sensitive data. For version SDM630, consider disabling the IPA driver until a patch is available. For version SDM660, avoid using the vulnerable IPA driver functionality until the issue is resolved. For versions SDX20, and SDX24, temporarily disable the IPA driver to prevent potential attacks.