CVE-2018-11846

MEDIUM

Snapdragon Mobile - Info Disclosure

Title source: llm

Description

The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins

Scores

CVSS v3 4.7

EPSS 0.0010

EPSS Percentile 26.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (5)

qualcomm/sd_205_firmware

qualcomm/sd_210_firmware

qualcomm/sd_212_firmware

qualcomm/sd_845_firmware

qualcomm/sd_850_firmware

Published Oct 26, 2018

Tracked Since Feb 18, 2026