In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Qualcomm, Inc. Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear affected
Version Status Constraints
MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660 affected

Configuration 1 [-]

AND
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd212:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd430:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd450:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:qualcomm:sd615_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd615:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:qualcomm:sd616_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd616:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:qualcomm:sd415_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd415:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:qualcomm:sd617_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd617:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd625:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd650:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd652:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:qualcomm:sd810_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd810:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:qualcomm:sd820a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd820a:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sd845:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Qualcomm Subscribe
Msm8909w Subscribe
Msm8909w Firmware Subscribe
Msm8996au Subscribe
Msm8996au Firmware Subscribe
Sd205 Subscribe
Sd205 Firmware Subscribe
Sd210 Subscribe
Sd210 Firmware Subscribe
Sd212 Subscribe
Sd212 Firmware Subscribe
Sd415 Subscribe
Sd415 Firmware Subscribe
Sd430 Subscribe
Sd430 Firmware Subscribe
Sd450 Subscribe
Sd450 Firmware Subscribe
Sd615 Subscribe
Sd615 Firmware Subscribe
Sd616 Subscribe
Sd616 Firmware Subscribe
Sd617 Subscribe
Sd617 Firmware Subscribe
Sd625 Subscribe
Sd625 Firmware Subscribe
Sd650 Subscribe
Sd650 Firmware Subscribe
Sd652 Subscribe
Sd652 Firmware Subscribe
Sd810 Subscribe
Sd810 Firmware Subscribe
Sd820 Subscribe
Sd820 Firmware Subscribe
Sd820a Subscribe
Sd820a Firmware Subscribe
Sd835 Subscribe
Sd835 Firmware Subscribe
Sd845 Subscribe
Sd845 Firmware Subscribe
Sda660 Subscribe
Sda660 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2018-3317 In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.qualcomm.com/company/product-security/bulletins cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2024-08-05T08:01:52.986Z

Reserved: 2018-05-18T00:00:00

Link: CVE-2018-11277

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-09-20T13:29:01.167

Modified: 2024-11-21T03:43:02.667

Link: CVE-2018-11277

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses