CVE-2018-13920

EPSS 0.04%
Published 24.05.2019 17:29:02
Last modified 21.11.2024 03:48:20
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Use-after-free condition due to Improper handling of hrtimers when the PMU driver tries to access its events in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, SDX24

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Mdm9206 Firmware Version-

Qualcomm ≫ Mdm9206 Version-

Qualcomm ≫ Mdm9607 Firmware Version-

Qualcomm ≫ Mdm9607 Version-

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Msm8909w Firmware Version-

Qualcomm ≫ Msm8909w Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Qm215 Firmware Version-

Qualcomm ≫ Qm215 Version-

Qualcomm ≫ Sd 425 Firmware Version-

Qualcomm ≫ Sd 425 Version-

Qualcomm ≫ Sd 439 Firmware Version-

Qualcomm ≫ Sd 439 Version-

Qualcomm ≫ Sd 429 Firmware Version-

Qualcomm ≫ Sd 429 Version-

Qualcomm ≫ Sd 450 Firmware Version-

Qualcomm ≫ Sd 450 Version-

Qualcomm ≫ Sd 625 Firmware Version-

Qualcomm ≫ Sd 625 Version-

Qualcomm ≫ Sd 632 Firmware Version-

Qualcomm ≫ Sd 632 Version-

Qualcomm ≫ Sd 636 Firmware Version-

Qualcomm ≫ Sd 636 Version-

Qualcomm ≫ Sd 712 Firmware Version-

Qualcomm ≫ Sd 712 Version-

Qualcomm ≫ Sd 710 Firmware Version-

Qualcomm ≫ Sd 710 Version-

Qualcomm ≫ Sd 670 Firmware Version-

Qualcomm ≫ Sd 670 Version-

Qualcomm ≫ Sd 820a Firmware Version-

Qualcomm ≫ Sd 820a Version-

Qualcomm ≫ Sd 845 Firmware Version-

Qualcomm ≫ Sd 845 Version-

Qualcomm ≫ Sd 850 Firmware Version-

Qualcomm ≫ Sd 850 Version-

Qualcomm ≫ Sd 855 Firmware Version-

Qualcomm ≫ Sd 855 Version-

Qualcomm ≫ Sdm439 Firmware Version-

Qualcomm ≫ Sdm439 Version-

Qualcomm ≫ Sdm630 Firmware Version-

Qualcomm ≫ Sdm630 Version-

Qualcomm ≫ Sdm660 Firmware Version-

Qualcomm ≫ Sdm660 Version-

Qualcomm ≫ Sdx24 Firmware Version-

Qualcomm ≫ Sdx24 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.093

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.codeaurora.org/security-bulletin/2019/04/01/april-2019-code-aurora-security-bulletin

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-13920

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-13920

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-13920

EUVD