CVE-2018-11925

HIGH

Qualcomm Snapdragon Firmware - Buffer Overflow via Unvalidated Data Length

Title source: llm
STIX 2.1

Description

Data length received from firmware is not validated against the max allowed size which can result in buffer overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 11.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190
Status published
Products (28)
qualcomm/ipq4019_firmware
qualcomm/ipq8064_firmware
qualcomm/ipq8074_firmware
qualcomm/mdm9150_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9640_firmware
qualcomm/mdm9650_firmware
qualcomm/qcs605_firmware
qualcomm/sd_425_firmware
... and 18 more
Published May 24, 2019
Tracked Since Feb 18, 2026