CVE-2018-11950Improper Input Validation in INC Snapdragon Mobile

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 73.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qualcomm INC Snapdragon MobileGoogle Android
Timeline
PublishedOct 26
Latest updateMay 14

Description

Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5qualcomm_inc/snapdragon_mobileSD 845, SD 850

🔴Vulnerability Details

1
GHSA
GHSA-9m2m-729g-q827: Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 8502022-05-14

📋Vendor Advisories

1
Android
CVE-2018-11950: Closed-source component2018-09-01