CVE-2018-13918

HIGH

Qualcomm Snapdragon and MDM Firmware - Buffer Overflow via Message Length Mismatch

Title source: llm
STIX 2.1

Description

kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops normal operation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDX24, SM7150

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 10.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (25)
qualcomm/mdm9150_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9650_firmware
qualcomm/msm8909w_firmware
qualcomm/qcs605_firmware
qualcomm/qm215_firmware
qualcomm/sd_425_firmware
qualcomm/sd_429_firmware
qualcomm/sd_439_firmware
... and 15 more
Published Apr 04, 2019
Tracked Since Feb 18, 2026