7.8 - CVE-2018-5913

Executive Summary

Informations
Name	CVE-2018-5913	First vendor Publication	2019-06-14
Vendor	Cve	Last vendor Modification	2019-06-17

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	7.8
Base Score	7.8	Environmental Score	7.8
impact SubScore	5.9	Temporal Score	7.8
Exploitabality Sub Score	1.8

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5913

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-310	Cryptographic Issues

CPE : Common Platform Enumeration

Type	Description	Count
Os	Qualcomm Mdm9150 Firmware cpe:2.3:o:qualcomm:mdm9150_firmware:-:::::::*	1
Os	Qualcomm Mdm9206 Firmware cpe:2.3:o:qualcomm:mdm9206_firmware:-:::::::*	1
Os	Qualcomm Mdm9607 Firmware cpe:2.3:o:qualcomm:mdm9607_firmware:-:::::::*	1
Os	Qualcomm Mdm9625 Firmware cpe:2.3:o:qualcomm:mdm9625_firmware:-:::::::*	1
Os	Qualcomm Mdm9635M Firmware cpe:2.3:o:qualcomm:mdm9635m_firmware:-:::::::*	1
Os	Qualcomm Mdm9640 Firmware cpe:2.3:o:qualcomm:mdm9640_firmware:-:::::::*	1
Os	Qualcomm Mdm9650 Firmware cpe:2.3:o:qualcomm:mdm9650_firmware:-:::::::*	1
Os	Qualcomm Mdm9655 Firmware cpe:2.3:o:qualcomm:mdm9655_firmware:-:::::::*	1
Os	Qualcomm Msm8909W Firmware cpe:2.3:o:qualcomm:msm8909w_firmware:-:::::::*	1
Os	Qualcomm Msm8996Au Firmware cpe:2.3:o:qualcomm:msm8996au_firmware:-:::::::*	1
Os	Qualcomm Qcs405 Firmware cpe:2.3:o:qualcomm:qcs405_firmware:-:::::::*	1
Os	Qualcomm Qcs605 Firmware cpe:2.3:o:qualcomm:qcs605_firmware:-:::::::*	1
Os	Qualcomm Qm215 Firmware cpe:2.3:o:qualcomm:qm215_firmware:-:::::::*	1
Os	Qualcomm Sd 205 Firmware cpe:2.3:o:qualcomm:sd_205_firmware:-:::::::*	1
Os	Qualcomm Sd 210 Firmware cpe:2.3:o:qualcomm:sd_210_firmware:-:::::::*	1
Os	Qualcomm Sd 212 Firmware cpe:2.3:o:qualcomm:sd_212_firmware:-:::::::*	1
Os	Qualcomm Sd 410 Firmware cpe:2.3:o:qualcomm:sd_410_firmware:-:::::::*	1
Os	Qualcomm Sd 412 Firmware cpe:2.3:o:qualcomm:sd_412_firmware:-:::::::*	1
Os	Qualcomm Sd 415 Firmware cpe:2.3:o:qualcomm:sd_415_firmware:-:::::::*	1
Os	Qualcomm Sd 425 Firmware cpe:2.3:o:qualcomm:sd_425_firmware:-:::::::*	1
Os	Qualcomm Sd 427 Firmware cpe:2.3:o:qualcomm:sd_427_firmware:-:::::::*	1
Os	Qualcomm Sd 429 Firmware cpe:2.3:o:qualcomm:sd_429_firmware:-:::::::*	1
Os	Qualcomm Sd 430 Firmware cpe:2.3:o:qualcomm:sd_430_firmware:-:::::::*	1
Os	Qualcomm Sd 435 Firmware cpe:2.3:o:qualcomm:sd_435_firmware:-:::::::*	1
Os	Qualcomm Sd 439 Firmware cpe:2.3:o:qualcomm:sd_439_firmware:-:::::::*	1
Os	Qualcomm Sd 450 Firmware cpe:2.3:o:qualcomm:sd_450_firmware:-:::::::*	1
Os	Qualcomm Sd 615 Firmware cpe:2.3:o:qualcomm:sd_615_firmware:-:::::::*	1
Os	Qualcomm Sd 616 Firmware cpe:2.3:o:qualcomm:sd_616_firmware:-:::::::*	1
Os	Qualcomm Sd 625 Firmware cpe:2.3:o:qualcomm:sd_625_firmware:-:::::::*	1
Os	Qualcomm Sd 632 Firmware cpe:2.3:o:qualcomm:sd_632_firmware:-:::::::*	1
Os	Qualcomm Sd 636 Firmware cpe:2.3:o:qualcomm:sd_636_firmware:-:::::::*	1
Os	Qualcomm Sd 650 Firmware cpe:2.3:o:qualcomm:sd_650_firmware:-:::::::*	1
Os	Qualcomm Sd 652 Firmware cpe:2.3:o:qualcomm:sd_652_firmware:-:::::::*	1
Os	Qualcomm Sd 670 Firmware cpe:2.3:o:qualcomm:sd_670_firmware:-:::::::*	1
Os	Qualcomm Sd 675 Firmware cpe:2.3:o:qualcomm:sd_675_firmware:-:::::::*	1
Os	Qualcomm Sd 710 Firmware cpe:2.3:o:qualcomm:sd_710_firmware:-:::::::*	1
Os	Qualcomm Sd 712 Firmware cpe:2.3:o:qualcomm:sd_712_firmware:-:::::::*	1
Os	Qualcomm Sd 730 Firmware cpe:2.3:o:qualcomm:sd_730_firmware:-:::::::*	1
Os	Qualcomm Sd 820 Firmware cpe:2.3:o:qualcomm:sd_820_firmware:-:::::::*	1
Os	Qualcomm Sd 820A Firmware cpe:2.3:o:qualcomm:sd_820a_firmware:-:::::::*	1
Os	Qualcomm Sd 835 Firmware cpe:2.3:o:qualcomm:sd_835_firmware:-:::::::*	1
Os	Qualcomm Sd 845 Firmware cpe:2.3:o:qualcomm:sd_845_firmware:-:::::::*	1
Os	Qualcomm Sd 850 Firmware cpe:2.3:o:qualcomm:sd_850_firmware:-:::::::*	1
Os	Qualcomm Sd 855 Firmware cpe:2.3:o:qualcomm:sd_855_firmware:-:::::::*	1
Os	Qualcomm Sd 8Cx Firmware cpe:2.3:o:qualcomm:sd_8cx_firmware:-:::::::*	1
Os	Qualcomm Sda660 Firmware cpe:2.3:o:qualcomm:sda660_firmware:-:::::::*	1
Os	Qualcomm Sdm439 Firmware cpe:2.3:o:qualcomm:sdm439_firmware:-:::::::*	1
Os	Qualcomm Sdm630 Firmware cpe:2.3:o:qualcomm:sdm630_firmware:-:::::::*	1
Os	Qualcomm Sdm660 Firmware cpe:2.3:o:qualcomm:sdm660_firmware:-:::::::*	1
Os	Qualcomm Snapdragon High Med 2016 Firmware cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:::::::*	1
Os	Qualcomm Sxr1130 Firmware cpe:2.3:o:qualcomm:sxr1130_firmware:-:::::::*	1

Sources (Detail)

Source	Url
CONFIRM	https://www.qualcomm.com/company/product-security/bulletins

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-05-23 01:15:18	Multiple Updates
2019-06-18 00:18:58	Multiple Updates
2019-06-14 21:19:40	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	51
Sources(s)	1

7.8 - CVE-2018-5913

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU