CVE-2018-5852

HIGH

Qualcomm MDM9206-MDM9650, MSM8909W, SD 210-845 Firmware - Buffer Over-read via IPA Driver NAT Entry Debugfs Command

Title source: llm

Description

An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'

References (1)

Core 1

Core References

Vendor Advisory

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

Scores

CVSS v3 8.4

EPSS 0.0006

EPSS Percentile 17.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-126 CWE-191

Status published

Products (23)

qualcomm/mdm9206_firmware

qualcomm/mdm9607_firmware

qualcomm/mdm9640_firmware

qualcomm/mdm9650_firmware

qualcomm/msm8909w_firmware

qualcomm/sd_205_firmware

qualcomm/sd_210_firmware

qualcomm/sd_212_firmware

qualcomm/sd_415_firmware

qualcomm/sd_425_firmware

... and 13 more

Published Nov 26, 2024

Tracked Since Feb 18, 2026