CVE-2018-13912

CVE Database · CVE-2018-13912

CVE-2018-13912

· N/AModified

CVSS v3.1

N/A

EPSS

0.20%

Published

Feb 25, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Arbitrary write issue can occur when user provides kernel address in compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.

Weaknesses (CWE)

CWE-119

Affected Products (72)

qualcomm · snapdragon_auto_firmwarevulnerable

qualcomm · snapdragon_auto

qualcomm · snapdragon_connectivity_firmwarevulnerable

qualcomm · snapdragon_connectivity

qualcomm · snapdragon_consumer_internet_of_things_firmwarevulnerable

qualcomm · snapdragon_consumer_internet_of_things

qualcomm · snapdragon_industrial_internet_of_things_firmwarevulnerable

qualcomm · snapdragon_industrial_internet_of_things

qualcomm · snapdragon_mobile_firmwarevulnerable

qualcomm · snapdragon_mobile

qualcomm · snapdragon_voice_\&_music_firmware

References (2)

https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin

PatchThird Party Advisory

https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin

PatchThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs