CVE-2018-11855
HIGHSnapdragon Auto/Mobile/Compute/Connectivity/CES/IOT - Buffer Overflow
Title source: llmDescription
If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
30.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (17)
qualcomm/mdm9607_firmware
qualcomm/mdm9650_firmware
qualcomm/mdm9655_firmware
qualcomm/msm8996au_firmware
qualcomm/sd_205_firmware
qualcomm/sd_210_firmware
qualcomm/sd_212_firmware
qualcomm/sd_410_firmware
qualcomm/sd_412_firmware
qualcomm/sd_636_firmware
... and 7 more
Published
Feb 11, 2019
Tracked Since
Feb 18, 2026