CVE-2018-13909
HIGHQualcomm Snapdragon Firmware - Race Condition in Bootloader Metadata Verification
Title source: llmDescription
Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins
Scores
CVSS v3
7.0
EPSS
0.0003
EPSS Percentile
7.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
Status
published
Products (30)
qualcomm/mdm9206_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9650_firmware
qualcomm/mdm9655_firmware
qualcomm/qcs605_firmware
qualcomm/qm215_firmware
qualcomm/sd_410_firmware
qualcomm/sd_412_firmware
qualcomm/sd_425_firmware
qualcomm/sd_427_firmware
... and 20 more
Published
Jun 14, 2019
Tracked Since
Feb 18, 2026