CVE-2018-11845
Last modified
CVE-2018-11845 is a vulnerability of currently unknown severity. Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9150 Firmware | All versions |
| Qualcomm | Mdm9206 Firmware | All versions |
| Qualcomm | Mdm9607 Firmware | All versions |
| Qualcomm | Mdm9650 Firmware | All versions |
| Qualcomm | Mdm9655 Firmware | All versions |
| Qualcomm | Msm8996au Firmware | All versions |
| Qualcomm | Qcs605 Firmware | All versions |
| Qualcomm | Sd 210 Firmware | All versions |
| Qualcomm | Sd 212 Firmware | All versions |
| Qualcomm | Sd 205 Firmware | All versions |
| Qualcomm | Sd 410 Firmware | All versions |
| Qualcomm | Sd 412 Firmware | All versions |
| Qualcomm | Sd 425 Firmware | All versions |
| Qualcomm | Sd 427 Firmware | All versions |
| Qualcomm | Sd 430 Firmware | All versions |
| Qualcomm | Sd 435 Firmware | All versions |
| Qualcomm | Sd 439 Firmware | All versions |
| Qualcomm | Sd 429 Firmware | All versions |
| Qualcomm | Sd 450 Firmware | All versions |
| Qualcomm | Sd 625 Firmware | All versions |
| Qualcomm | Sd 632 Firmware | All versions |
| Qualcomm | Sd 636 Firmware | All versions |
| Qualcomm | Sd 650 Firmware | All versions |
| Qualcomm | Sd 652 Firmware | All versions |
| Qualcomm | Sd 675 Firmware | All versions |
| Qualcomm | Sd 712 Firmware | All versions |
| Qualcomm | Sd 710 Firmware | All versions |
| Qualcomm | Sd 670 Firmware | All versions |
| Qualcomm | Sd 820 Firmware | All versions |
| Qualcomm | Sd 820a Firmware | All versions |
| Qualcomm | Sd 835 Firmware | All versions |
| Qualcomm | Sd 845 Firmware | All versions |
| Qualcomm | Sd 850 Firmware | All versions |
| Qualcomm | Sd 8cx Firmware | All versions |
| Qualcomm | Sda660 Firmware | All versions |
| Qualcomm | Sdm439 Firmware | All versions |
| Qualcomm | Sdm630 Firmware | All versions |
| Qualcomm | Sdm660 Firmware | All versions |
| Qualcomm | Snapdragon High Med 2016 Firmware | All versions |
| Qualcomm | Sxr1130 Firmware | All versions |
References
- http://www.securityfocus.com/bid/106845Third Party Advisory, VDB Entry
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
- http://www.securityfocus.com/bid/106845Third Party Advisory, VDB Entry
- https://www.qualcomm.com/company/product-security/bulletinsVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11845?
How severe is CVE-2018-11845?
How do I fix CVE-2018-11845?
Are you affected by CVE-2018-11845?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST