CVE-2018-13904

Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 8CX, SXR1130.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:qualcomm:sd_12_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_12:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd_8cx:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-02-25 22:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-13904

Mitre link : CVE-2018-13904

CVE.ORG link : CVE-2018-13904


JSON object : View

Products Affected

qualcomm

  • sxr1130
  • sd_12_firmware
  • sd_8cx_firmware
  • sd_712
  • sd_710
  • qcs605_firmware
  • sd_675_firmware
  • sd_710_firmware
  • sd_12
  • mdm9650
  • sd_410
  • mdm9607
  • sd_712_firmware
  • sd_670
  • sd_670_firmware
  • sd_8cx
  • mdm9655_firmware
  • mdm9206
  • sd_410_firmware
  • mdm9607_firmware
  • mdm9655
  • qcs605
  • mdm9650_firmware
  • mdm9206_firmware
  • sd_675
  • sxr1130_firmware
CWE
CWE-20

Improper Input Validation