Vulnerabilities > CVE-2018-11982 - Double Free vulnerability in Qualcomm products

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

qualcomm

CWE-415

NVD

Published: 2018-09-20

Updated: 2018-11-23

Summary

In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9206 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Mdm9635M Firmware - Qualcomm Mdm9640 Firmware - Qualcomm Mdm9645 Firmware - Qualcomm Mdm9655 Firmware - Qualcomm Msm8909W Firmware - Qualcomm Msm8996Au Firmware - Qualcomm Sd210 Firmware - Qualcomm Sd212 Firmware - Qualcomm Sd205 Firmware - Qualcomm Sd410 Firmware - Qualcomm Sd412 Firmware - Qualcomm Sd425 Firmware - Qualcomm Sd427 Firmware - Qualcomm Sd430 Firmware - Qualcomm Sd435 Firmware - Qualcomm Sd450 Firmware - Qualcomm Sd615 Firmware - Qualcomm Sd616 Firmware - Qualcomm Sd415 Firmware - Qualcomm Sd617 Firmware - Qualcomm Sd625 Firmware - Qualcomm Sd650 Firmware - Qualcomm Sd652 Firmware - Qualcomm Sd810 Firmware - Qualcomm Sd820 Firmware - Qualcomm Sd835 Firmware -	28
Hardware	Qualcomm Qualcomm Mdm9206 - Qualcomm Mdm9607 - Qualcomm Mdm9635M - Qualcomm Mdm9640 - Qualcomm Mdm9645 - Qualcomm Mdm9655 - Qualcomm Msm8909W - Qualcomm Msm8996Au - Qualcomm Sd210 - Qualcomm Sd212 - Qualcomm Sd205 - Qualcomm Sd410 - Qualcomm Sd412 - Qualcomm Sd425 - Qualcomm Sd427 - Qualcomm Sd430 - Qualcomm Sd435 - Qualcomm Sd450 - Qualcomm Sd615 - Qualcomm Sd616 - Qualcomm Sd415 - Qualcomm Sd617 - Qualcomm Sd625 - Qualcomm Sd650 - Qualcomm Sd652 - Qualcomm Sd810 - Qualcomm Sd820 - Qualcomm Sd835 -	28

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://www.qualcomm.com/company/product-security/bulletins