CVE-2018-11828 — Uncontrolled Resource Consumption in INC Snapdragon Mobile

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 53.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Mobile Google Android

Timeline

PublishedOct 26

Latest updateMay 14

Description

When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5qualcomm_inc/snapdragon_mobileSD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-6qj9-7qwq-529x: When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get ran↗2022-05-14

▶

📋Vendor Advisories

Android

CVE-2018-11828: Closed-source component↗2019-04-01

▶