CVE-2018-5839

Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS605, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SXR1130.

CVSS v3 7.1 HIGH
CVSS v2.0 6.6 MEDIUM

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:N

Exploitability : 3.9 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/106845	Third Party Advisory VDB Entry
https://www.qualcomm.com/company/product-security/bulletins	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_auto_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_compute_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_consumer_internet_of_things_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:snapdragon_industrial_internet_of_things_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_855:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-02-25 22:29

Updated : 2024-02-28 16:48

NVD link : CVE-2018-5839

Mitre link : CVE-2018-5839

CVE.ORG link : CVE-2018-5839

JSON object : View

Products Affected

qualcomm

sd_670
sd_636
sdm630_firmware
sd_675
sd_636_firmware
mdm9655_firmware
sd_835
mdm9640
sxr1130_firmware
mdm9655
snapdragon_consumer_internet_of_things
sd_820_firmware
sdm630
sd_670_firmware
msm8996au
snapdragon_industrial_internet_of_things
mdm9640_firmware
sd_845_firmware
mdm9150
mdm9625
sdm660_firmware
sd_855_firmware
mdm9635m_firmware
sd_712_firmware
sd_710
sdm660
snapdragon_auto
msm8996au_firmware
qcs605_firmware
mdm9635m
snapdragon_compute
mdm9650
sd_845
sd_855
sd_675_firmware
sd_712
sda660
mdm9150_firmware
qcs605
sd_850_firmware
snapdragon_compute_firmware
sdx20
sd_850
sd_835_firmware
sda660_firmware
sdx20_firmware
mdm9615_firmware
sd_820
mdm9625_firmware
sd_820a_firmware
mdm9650_firmware
snapdragon_industrial_internet_of_things_firmware
snapdragon_auto_firmware
sd_710_firmware
mdm9615
sd_820a
sxr1130
snapdragon_consumer_internet_of_things_firmware
sd_8cx_firmware
sd_8cx

CWE

CWE-269

Improper Privilege Management

7.1 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.6 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-5839

7.1^/10

6.6^/10

Attach tags to `CVE-2018-5839`