Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-11838

Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20

Published

2020-03-05T09:15:15.280

Last Modified

2024-11-21T03:44:06.630

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-415

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	apq8053_firmware	-	Yes
Hardware	qualcomm	apq8053	-	No
Operating System	qualcomm	mdm9640_firmware	-	Yes
Hardware	qualcomm	mdm9640	-	No
Operating System	qualcomm	sda660_firmware	-	Yes
Hardware	qualcomm	sda660	-	No
Operating System	qualcomm	sdm636_firmware	-	Yes
Hardware	qualcomm	sdm636	-	No
Operating System	qualcomm	sdm660_firmware	-	Yes
Hardware	qualcomm	sdm660	-	No
Operating System	qualcomm	sdx20_firmware	-	Yes
Hardware	qualcomm	sdx20	-	No

References

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin Patch, Vendor Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)