1. Home
  2. CVE Database
  3. CVE-2018-5914
HIGH · 7.8

CVE-2018-5914

Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, ...

Vulnerability Description

Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommMdm9206 Firmware-
QualcommMdm9206-
QualcommMdm9607 Firmware-
QualcommMdm9607-
QualcommMdm9650 Firmware-
QualcommMdm9650-
QualcommSd 210 Firmware-
QualcommSd 210-
QualcommSd 212 Firmware-
QualcommSd 212-
QualcommSd 205 Firmware-
QualcommSd 205-
QualcommSd 425 Firmware-
QualcommSd 425-
QualcommSd 430 Firmware-
QualcommSd 430-
QualcommSd 450 Firmware-
QualcommSd 450-
QualcommSd 625 Firmware-
QualcommSd 625-

Related Weaknesses (CWE)

CWE-129

References

FAQ

What is CVE-2018-5914?

CVE-2018-5914 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, ...

How severe is CVE-2018-5914?

CVE-2018-5914 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-5914?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9206 Firmware, Qualcomm Mdm9206, Qualcomm Mdm9607 Firmware, Qualcomm Mdm9607, Qualcomm Mdm9650 Firmware.