CVE-2018-11871 : Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation

Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016.

Published 2018-10-29 18:29:04

Updated 2019-04-03 11:29:03

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2018-11871

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-11871

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-11871

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-11871

http://www.securityfocus.com/bid/107681

Qualcomm Closed Source Components Multiple Unspecified Vulnerabilities

CVEs referencing this url
https://www.qualcomm.com/company/product-security/bulletins

Security Advisories | Product Security | Qualcomm
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2018-11871

Qualcomm » Mdm9206 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9206 » Version: N/A
Qualcomm » Mdm9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9607 » Version: N/A
Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Sd 210 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 210 » Version: N/A
Qualcomm » Sd 212 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 212 » Version: N/A
Qualcomm » Sd 425 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 425 » Version: N/A
Qualcomm » Sd 430 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 430 » Version: N/A
Qualcomm » Sd 625 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 625 » Version: N/A
Qualcomm » Sd 650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 650 » Version: N/A
Qualcomm » Sd 820 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820 » Version: N/A
Qualcomm » Sd 835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 835 » Version: N/A
Qualcomm » Sd 845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 845 » Version: N/A
Qualcomm » Sd 652 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 652 » Version: N/A
Qualcomm » Sd 205 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 205 » Version: N/A
Qualcomm » Sd 450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 450 » Version: N/A
Qualcomm » Sd 600 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 600 » Version: N/A
Qualcomm » Mdm9635m Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9635m » Version: N/A
Qualcomm » Mdm9640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9640 » Version: N/A
Qualcomm » Sdx20 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx20 » Version: N/A
Qualcomm » Sd 850 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 850 » Version: N/A
Qualcomm » Sd 820a Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 820a » Version: N/A
Qualcomm » Sd 427 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 427 » Version: N/A
Qualcomm » Sd 435 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 435 » Version: N/A
Qualcomm » Sdm630 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm630 » Version: N/A
Qualcomm » Sdm636 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm636 » Version: N/A
Qualcomm » Sdm660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm660 » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Ipq4019 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq4019 » Version: N/A
Qualcomm » Ipq8064 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq8064 » Version: N/A
Qualcomm » Qca9980 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9980 » Version: N/A
Qualcomm » Qca6174a Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6174a » Version: N/A
Qualcomm » Qca6574au Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6574au » Version: N/A
Qualcomm » Qca6584 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6584 » Version: N/A
Qualcomm » Qca6584au Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6584au » Version: N/A
Qualcomm » Qca9377 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9377 » Version: N/A
Qualcomm » Qca9378 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9378_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9378 » Version: N/A
Qualcomm » Qca9379 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9379 » Version: N/A
Qualcomm » Qca9558 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9558_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9558 » Version: N/A
Qualcomm » Qca9880 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9880_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9880 » Version: N/A
Qualcomm » Qca9886 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9886_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9886 » Version: N/A
Qualcomm » Qca6574 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6574 » Version: N/A
Qualcomm » Qca6564 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6564_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6564 » Version: N/A
Qualcomm » Sdm710 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm710 » Version: N/A
Qualcomm » Snapdragon High Med 2016 Firmware » Version: N/A
cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Snapdragon High Med 2016 » Version: N/A
Qualcomm » Sdm632 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm632 » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A
Qualcomm » Ipq8074 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq8074 » Version: N/A
Qualcomm » Qca9531 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9531 » Version: N/A
Qualcomm » Qca9563 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9563_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9563 » Version: N/A

Vulnerability Details : CVE-2018-11871

Exploit prediction scoring system (EPSS) score for CVE-2018-11871

CVSS scores for CVE-2018-11871

CWE ids for CVE-2018-11871

References for CVE-2018-11871

Products affected by CVE-2018-11871