Vulnerabilities > CVE-2018-11838 - Double Free vulnerability in Qualcomm products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qualcomm

CWE-415

NVD

Published: 2020-03-05

Updated: 2020-03-05

Summary

Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Apq8053 Firmware - Qualcomm Mdm9640 Firmware - Qualcomm Sda660 Firmware - Qualcomm Sdm636 Firmware - Qualcomm Sdm660 Firmware - Qualcomm Sdx20 Firmware -	6
Hardware	Qualcomm Qualcomm Apq8053 - Qualcomm Mdm9640 - Qualcomm Sda660 - Qualcomm Sdm636 - Qualcomm Sdm660 - Qualcomm Sdx20 -	6

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://www.qualcomm.com/company/product-security/bulletins/march-2020-bulletin