CVE-2018-11846 - OpenCVE

The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualcomm	Sd 205 Sd 205 Firmware Sd 210 Sd 210 Firmware Sd 212 Sd 212 Firmware Sd 845 Sd 845 Firmware Sd 850 Sd 850 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins

History

No history.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2018-10-26T13:00:00

Updated: 2024-08-05T08:17:09.282Z

Reserved: 2018-06-07T00:00:00

Link: CVE-2018-11846

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-10-26T13:29:01.200

Modified: 2018-12-10T19:10:06.257

Link: CVE-2018-11846

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "SD 210/SD 212/SD 205, SD 845, SD 850"}]}], "datePublic": "2018-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850"}], "problemTypes": [{"descriptions": [{"description": "Information Exposure in Storage", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-26T12:57:01", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.qualcomm.com/company/product-security/bulletins"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2018-11846", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Snapdragon Mobile", "version": {"version_data": [{"version_value": "SD 210/SD 212/SD 205, SD 845, SD 850"}]}}]}, "vendor_name": "Qualcomm, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Exposure in Storage"}]}]}, "references": {"reference_data": [{"name": "https://www.qualcomm.com/company/product-security/bulletins", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:17:09.282Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.qualcomm.com/company/product-security/bulletins"}]}]}, "cveMetadata": {"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2018-11846", "datePublished": "2018-10-26T13:00:00", "dateReserved": "2018-06-07T00:00:00", "dateUpdated": "2024-08-05T08:17:09.282Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2AFB212-F01A-4CEB-8DB4-2E0CC2308CB6", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FA80D57-3191-47CF-AD3F-9F2D64E443FE", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C08BA58-2EBC-4A22-85A4-2ECD54693B9B", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0986EF1-0974-488E-84C4-6880F876CE55", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "matchCriteriaId": "3664D302-D22A-4B25-B534-3097AE2F8573", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "27110478-4C08-49E6-BD53-8BAAD9D5BD65", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C10C7CB-3B66-4F17-8146-6A85611E2BA9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9DA765F-53DE-4FB0-B825-6C11B3177641", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850"}, {"lang": "es", "value": "El uso de una operaci\u00f3n de comparaci\u00f3n de memoria sin constante de tiempo puede conducir a ataques de sincronizaci\u00f3n/canal lateral en Snapdragon Mobile en versiones SD 210/SD 212/SD 205, SD 845 y SD 850."}], "id": "CVE-2018-11846", "lastModified": "2018-12-10T19:10:06.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-26T13:29:01.200", "references": [{"source": "product-security@qualcomm.com", "tags": ["Vendor Advisory"], "url": "https://www.qualcomm.com/company/product-security/bulletins"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}