Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-13912

Arbitrary write issue can occur when user provides kernel address in compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts integrity (unauthorized modifications), for affected systems. Impacting 72 products from qualcomm, from qualcomm, from qualcomm and 69 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2019-02-25T22:29:02.807

Last Modified

2024-11-21T03:48:19.507

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	snapdragon_auto_firmware	-	Yes
Hardware	qualcomm	snapdragon_auto	-	No
Operating System	qualcomm	snapdragon_connectivity_firmware	-	Yes
Hardware	qualcomm	snapdragon_connectivity	-	No
Operating System	qualcomm	snapdragon_consumer_internet_of_things_firmware	-	Yes
Hardware	qualcomm	snapdragon_consumer_internet_of_things	-	No
Operating System	qualcomm	snapdragon_industrial_internet_of_things_firmware	-	Yes
Hardware	qualcomm	snapdragon_industrial_internet_of_things	-	No
Operating System	qualcomm	snapdragon_mobile_firmware	-	Yes
Hardware	qualcomm	snapdragon_mobile	-	No
Operating System	qualcomm	snapdragon_voice_\&_music_firmware	-	Yes
Hardware	qualcomm	snapdragon_voice_\&_music	-	No
Operating System	qualcomm	mdm9150_firmware	-	Yes
Hardware	qualcomm	mdm9150	-	No
Operating System	qualcomm	mdm9206_firmware	-	Yes
Hardware	qualcomm	mdm9206	-	No
Operating System	qualcomm	mdm9607_firmware	-	Yes
Hardware	qualcomm	mdm9607	-	No
Operating System	qualcomm	mdm9640_firmware	-	Yes
Hardware	qualcomm	mdm9640	-	No
Operating System	qualcomm	mdm9650_firmware	-	Yes
Hardware	qualcomm	mdm9650	-	No
Operating System	qualcomm	msm8909w_firmware	-	Yes
Hardware	qualcomm	msm8909w	-	No
Operating System	qualcomm	msm8996au_firmware	-	Yes
Hardware	qualcomm	msm8996au	-	No
Operating System	qualcomm	qcs605_firmware	-	Yes
Hardware	qualcomm	qcs605	-	No
Operating System	qualcomm	sd_210_firmware	-	Yes
Hardware	qualcomm	sd_210	-	No
Operating System	qualcomm	sd_212_firmware	-	Yes
Hardware	qualcomm	sd_212	-	No
Operating System	qualcomm	sd_205_firmware	-	Yes
Hardware	qualcomm	sd_205	-	No
Operating System	qualcomm	sd_425_firmware	-	Yes
Hardware	qualcomm	sd_425	-	No
Operating System	qualcomm	sd_439_firmware	-	Yes
Hardware	qualcomm	sd_439	-	No
Operating System	qualcomm	sd_429_firmware	-	Yes
Hardware	qualcomm	sd_429	-	No
Operating System	qualcomm	sd_625_firmware	-	Yes
Hardware	qualcomm	sd_625	-	No
Operating System	qualcomm	sd_636_firmware	-	Yes
Hardware	qualcomm	sd_636	-	No
Operating System	qualcomm	sd_712_firmware	-	Yes
Hardware	qualcomm	sd_712	-	No
Operating System	qualcomm	sd_710_firmware	-	Yes
Hardware	qualcomm	sd_710	-	No
Operating System	qualcomm	sd_670_firmware	-	Yes
Hardware	qualcomm	sd_670	-	No
Operating System	qualcomm	sd_820_firmware	-	Yes
Hardware	qualcomm	sd_820	-	No
Operating System	qualcomm	sd_820a_firmware	-	Yes
Hardware	qualcomm	sd_820a	-	No
Operating System	qualcomm	sd_835_firmware	-	Yes
Hardware	qualcomm	sd_835	-	No
Operating System	qualcomm	sd_845_firmware	-	Yes
Hardware	qualcomm	sd_845	-	No
Operating System	qualcomm	sd_850_firmware	-	Yes
Hardware	qualcomm	sd_850	-	No
Operating System	qualcomm	sda660_firmware	-	Yes
Hardware	qualcomm	sda660	-	No
Operating System	qualcomm	sdm439_firmware	-	Yes
Hardware	qualcomm	sdm439	-	No
Operating System	qualcomm	sdm630_firmware	-	Yes
Hardware	qualcomm	sdm630	-	No
Operating System	qualcomm	sdm660_firmware	-	Yes
Hardware	qualcomm	sdm660	-	No
Operating System	qualcomm	sdx20_firmware	-	Yes
Hardware	qualcomm	sdx20	-	No
Operating System	qualcomm	sdx24_firmware	-	Yes
Hardware	qualcomm	sdx24	-	No

References

https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin Patch, Third Party Advisory ([email protected])
https://www.codeaurora.org/security-bulletin/2019/02/04/february-2019-code-aurora-security-bulletin Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For qualcomm's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.