CVE-2018-13910

HIGH

Qualcomm Snapdragon - Out-of-Bounds Read in TZ DDR Index Check

Title source: llm
STIX 2.1

Description

Out-of-Bounds access in TZ due to invalid index calculated to check against DDR in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SDM439, Snapdragon_High_Med_2016

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0021
EPSS Percentile 11.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (25)
qualcomm/ipq8074_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9650_firmware
qualcomm/mdm9655_firmware
qualcomm/msm8996au_firmware
qualcomm/qca8081_firmware
qualcomm/qm215_firmware
qualcomm/sd_410_firmware
qualcomm/sd_412_firmware
... and 15 more
Published Jun 14, 2019
Tracked Since Feb 18, 2026