CVE-2018-5917

HIGH

Snapdragon Automobile/Snapdragon Mobile - Buffer Overflow

Title source: llm

Description

Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105838

Scores

CVSS v3 7.8

EPSS 0.0010

EPSS Percentile 26.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (14)

qualcomm/msm8996au_firmware

qualcomm/sd_425_firmware

qualcomm/sd_430_firmware

qualcomm/sd_450_firmware

qualcomm/sd_625_firmware

qualcomm/sd_820_firmware

qualcomm/sd_820a_firmware

qualcomm/sd_835_firmware

qualcomm/sd_845_firmware

qualcomm/sd_850_firmware

... and 4 more

Published Nov 28, 2018

Tracked Since Feb 18, 2026