1. Home
  2. CVE Database
  3. CVE-2018-13904
CRITICAL · 9.8

CVE-2018-13904

Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consum...

Vulnerability Description

Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 8CX, SXR1130.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommMdm9206 Firmware-
QualcommMdm9206-
QualcommMdm9607 Firmware-
QualcommMdm9607-
QualcommMdm9650 Firmware-
QualcommMdm9650-
QualcommMdm9655 Firmware-
QualcommMdm9655-
QualcommQcs605 Firmware-
QualcommQcs605-
QualcommSd 410 Firmware-
QualcommSd 410-
QualcommSd 12 Firmware-
QualcommSd 12-
QualcommSd 675 Firmware-
QualcommSd 675-
QualcommSd 712 Firmware-
QualcommSd 712-
QualcommSd 710 Firmware-
QualcommSd 710-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2018-13904?

CVE-2018-13904 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consum...

How severe is CVE-2018-13904?

CVE-2018-13904 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-13904?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9206 Firmware, Qualcomm Mdm9206, Qualcomm Mdm9607 Firmware, Qualcomm Mdm9607, Qualcomm Mdm9650 Firmware.