CVE-2018-11816 - Vulnerability Details

Crafted Binder Request Causes Heap UAF in MediaServer

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`9206 LTE Modem`	affected	—
`APQ8016`	affected	—
`APQ8017`	affected	—
`APQ8039`	affected	—
`APQ8052`	affected	—
`APQ8056`	affected	—
`APQ8076`	affected	—
`AQT1000`	affected	—
`AR6003`	affected	—
`SD660`	affected	—
`SD670`	affected	—
`SD820`	affected	—
`SD821`	affected	—
`SD835`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:9206_lte_modem:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:apq8016_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8016:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:apq8039_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8039:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:apq8052_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8052:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:apq8056_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8056:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8076:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:ar6003_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ar6003:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd660:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:sd670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd670:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:sd821_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd821:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Qualcomm Subscribe	9206 Lte Modem Subscribe 9206 Lte Modem Firmware Subscribe Apq8016 Subscribe Apq8016 Firmware Subscribe Apq8017 Subscribe Apq8017 Firmware Subscribe Apq8039 Subscribe Apq8039 Firmware Subscribe Apq8052 Subscribe Apq8052 Firmware Subscribe Apq8056 Subscribe Apq8056 Firmware Subscribe Apq8076 Subscribe Apq8076 Firmware Subscribe Aqt1000 Subscribe Aqt1000 Firmware Subscribe Ar6003 Subscribe Ar6003 Firmware Subscribe Sd660 Subscribe Sd660 Firmware Subscribe Sd670 Subscribe Sd670 Firmware Subscribe Sd820 Subscribe Sd820 Firmware Subscribe Sd821 Subscribe Sd821 Firmware Subscribe Sd835 Subscribe Sd835 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2018-3808	Crafted Binder Request Causes Heap UAF in MediaServer

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html

History

Thu, 06 Feb 2025 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm 9206 Lte Modem Qualcomm apq8016 Qualcomm apq8017 Qualcomm apq8039 Qualcomm apq8052 Qualcomm apq8056 Qualcomm apq8076 Qualcomm aqt1000 Qualcomm ar6003 Qualcomm sd660 Qualcomm sd670 Qualcomm sd820 Qualcomm sd821 Qualcomm sd835
CPEs		cpe:2.3:h:qualcomm:9206_lte_modem:-:::::::* cpe:2.3:h:qualcomm:apq8016:-:::::::* cpe:2.3:h:qualcomm:apq8017:-:::::::* cpe:2.3:h:qualcomm:apq8039:-:::::::* cpe:2.3:h:qualcomm:apq8052:-:::::::* cpe:2.3:h:qualcomm:apq8056:-:::::::* cpe:2.3:h:qualcomm:apq8076:-:::::::* cpe:2.3:h:qualcomm:aqt1000:-:::::::* cpe:2.3:h:qualcomm:ar6003:-:::::::* cpe:2.3:h:qualcomm:sd660:-:::::::* cpe:2.3:h:qualcomm:sd670:-:::::::* cpe:2.3:h:qualcomm:sd820:-:::::::* cpe:2.3:h:qualcomm:sd821:-:::::::* cpe:2.3:h:qualcomm:sd835:-:::::::*
Vendors & Products		Qualcomm 9206 Lte Modem Qualcomm apq8016 Qualcomm apq8017 Qualcomm apq8039 Qualcomm apq8052 Qualcomm apq8056 Qualcomm apq8076 Qualcomm aqt1000 Qualcomm ar6003 Qualcomm sd660 Qualcomm sd670 Qualcomm sd820 Qualcomm sd821 Qualcomm sd835

Tue, 26 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm Qualcomm 9206 Lte Modem Firmware Qualcomm apq8016 Firmware Qualcomm apq8017 Firmware Qualcomm apq8039 Firmware Qualcomm apq8052 Firmware Qualcomm apq8056 Firmware Qualcomm apq8076 Firmware Qualcomm aqt1000 Firmware Qualcomm ar6003 Firmware Qualcomm sd660 Firmware Qualcomm sd670 Firmware Qualcomm sd820 Firmware Qualcomm sd821 Firmware Qualcomm sd835 Firmware
CPEs		cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:::::::* cpe:2.3:o:qualcomm:apq8016_firmware:-:::::::* cpe:2.3:o:qualcomm:apq8017_firmware:-:::::::* cpe:2.3:o:qualcomm:apq8039_firmware:-:::::::* cpe:2.3:o:qualcomm:apq8052_firmware:-:::::::* cpe:2.3:o:qualcomm:apq8056_firmware:-:::::::* cpe:2.3:o:qualcomm:apq8076_firmware:-:::::::* cpe:2.3:o:qualcomm:aqt1000_firmware:-:::::::* cpe:2.3:o:qualcomm:ar6003_firmware:-:::::::* cpe:2.3:o:qualcomm:sd660_firmware:-:::::::* cpe:2.3:o:qualcomm:sd670_firmware:-:::::::* cpe:2.3:o:qualcomm:sd820_firmware:-:::::::* cpe:2.3:o:qualcomm:sd821_firmware:-:::::::* cpe:2.3:o:qualcomm:sd835_firmware:-:::::::*
Vendors & Products		Qualcomm Qualcomm 9206 Lte Modem Firmware Qualcomm apq8016 Firmware Qualcomm apq8017 Firmware Qualcomm apq8039 Firmware Qualcomm apq8052 Firmware Qualcomm apq8056 Firmware Qualcomm apq8076 Firmware Qualcomm aqt1000 Firmware Qualcomm ar6003 Firmware Qualcomm sd660 Firmware Qualcomm sd670 Firmware Qualcomm sd820 Firmware Qualcomm sd821 Firmware Qualcomm sd835 Firmware
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 26 Nov 2024 14:15:00 +0000

Type	Values Removed	Values Added
Description		Crafted Binder Request Causes Heap UAF in MediaServer
Title		Use After Free in Video
Weaknesses		CWE-416
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-11-26T13:56:24.297Z

Updated: 2024-11-26T15:57:56.731Z

Reserved: 2018-06-07T00:00:00.000Z

Link: CVE-2018-11816

Vulnrichment

Updated: 2024-11-26T14:50:07.924Z

NVD

Status : Analyzed

Published: 2024-11-26T14:15:17.723

Modified: 2025-02-06T16:41:05.897

Link: CVE-2018-11816

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object