CVE-2018-11264

HIGH

Qualcomm Mdm9206 Firmware - Memory Corruption

Title source: rule

Description

Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105838

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (19)

qualcomm/mdm9206_firmware

qualcomm/mdm9607_firmware

qualcomm/mdm9650_firmware

qualcomm/msm8996au_firmware

qualcomm/sd_205_firmware

qualcomm/sd_210_firmware

qualcomm/sd_212_firmware

qualcomm/sd_410_firmware

qualcomm/sd_412_firmware

qualcomm/sd_425_firmware

... and 9 more

Published Nov 28, 2018

Tracked Since Feb 18, 2026