CVE-2018-13920

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions (affected versions not specified) Qualcomm Snapdragon Consumer IOT versions (affected versions not specified) Qualcomm Snapdragon Industrial IOT versions (affected versions not specified) Qualcomm Snapdragon Mobile versions (affected versions not specified) Qualcomm Snapdragon Wearables versions (affected versions not specified) MDM9206 (affected versions not specified) MDM9607 (affected versions not specified) MDM9650 (affected versions not specified) MSM8909W (affected versions not specified) QCS605 (affected versions not specified) Qualcomm 215 (affected versions not specified) SD 425 (affected versions not specified) SD 439 / SD 429 (affected versions not specified) SD 450 (affected versions not specified) SD 625 (affected versions not specified) SD 632 (affected versions not specified) SD 636 (affected versions not specified) SD 712 / SD 710 / SD 670 (affected versions not specified) SD 820A (affected versions not specified) SD 845 / SD 850 (affected versions not specified) SD 855 (affected versions not specified) SDM439 (affected versions not specified) SDM630 (affected versions not specified) SDM660 (affected versions not specified) SDX24 (affected versions not specified)

Description The issue is related to a use-after-free condition due to improper handling of hrtimers when the PMU driver tries to access its events. This condition may occur in various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables, as well as in specific chipsets such as MDM9206, MDM9607, and others.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.