CVE-2018-11277
HIGHQualcomm Msm8909w Firmware - Incorrect Permission Assignment
Title source: ruleDescription
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
10.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (20)
qualcomm/msm8909w_firmware
qualcomm/msm8996au_firmware
qualcomm/sd205_firmware
qualcomm/sd210_firmware
qualcomm/sd212_firmware
qualcomm/sd415_firmware
qualcomm/sd430_firmware
qualcomm/sd450_firmware
qualcomm/sd615_firmware
qualcomm/sd616_firmware
... and 10 more
Published
Sep 20, 2018
Tracked Since
Feb 18, 2026