diff --git a/2017/18xxx/CVE-2017-18124.json b/2017/18xxx/CVE-2017-18124.json index 132ef61eeb3..d6353cc34ff 100644 --- a/2017/18xxx/CVE-2017-18124.json +++ b/2017/18xxx/CVE-2017-18124.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2017-18124", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Use of Out-of-range Pointer Offset in Core" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } diff --git a/2017/18xxx/CVE-2017-18308.json b/2017/18xxx/CVE-2017-18308.json index a6a5302c4e7..72d8027d2b3 100644 --- a/2017/18xxx/CVE-2017-18308.json +++ b/2017/18xxx/CVE-2017-18308.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2017-18308", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Access Control in Core Services" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } diff --git a/2017/18xxx/CVE-2017-18309.json b/2017/18xxx/CVE-2017-18309.json index 2132ae0c6d2..e01aff72bbd 100644 --- a/2017/18xxx/CVE-2017-18309.json +++ b/2017/18xxx/CVE-2017-18309.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2017-18309", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile", + "version" : { + "version_data" : [ + { + "version_value" : "SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Validation of Array Index in G-Link" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2017/18xxx/CVE-2017-18310.json b/2017/18xxx/CVE-2017-18310.json index 6886a1aea1f..10708a0160e 100644 --- a/2017/18xxx/CVE-2017-18310.json +++ b/2017/18xxx/CVE-2017-18310.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2017-18310", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Access Control in TZ" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2017/18xxx/CVE-2017-18311.json b/2017/18xxx/CVE-2017-18311.json index 78e054b7efe..cac30beeaae 100644 --- a/2017/18xxx/CVE-2017-18311.json +++ b/2017/18xxx/CVE-2017-18311.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2017-18311", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper access control of unused configuration xPU ports" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11305.json b/2018/11xxx/CVE-2018-11305.json index 7dfcf369921..f0c631791b6 100644 --- a/2018/11xxx/CVE-2018-11305.json +++ b/2018/11xxx/CVE-2018-11305.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11305", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Use After Free in GPS" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11821.json b/2018/11xxx/CVE-2018-11821.json index 311b7da90ec..401c6a303e3 100644 --- a/2018/11xxx/CVE-2018-11821.json +++ b/2018/11xxx/CVE-2018-11821.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11821", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Integer Overflow or Wraparound in WLAN" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11822.json b/2018/11xxx/CVE-2018-11822.json index 3ee1fdb21f3..dab7d659e41 100644 --- a/2018/11xxx/CVE-2018-11822.json +++ b/2018/11xxx/CVE-2018-11822.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11822", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile", + "version" : { + "version_data" : [ + { + "version_value" : "SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Integer Overflow or Wraparound in WLAN" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } diff --git a/2018/11xxx/CVE-2018-11824.json b/2018/11xxx/CVE-2018-11824.json index 26b2f773ac9..9ab09626edc 100644 --- a/2018/11xxx/CVE-2018-11824.json +++ b/2018/11xxx/CVE-2018-11824.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11824", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Stack-based Buffer Overflow in TrustZone" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } diff --git a/2018/11xxx/CVE-2018-11828.json b/2018/11xxx/CVE-2018-11828.json index a28176ebf89..c49c233dda5 100644 --- a/2018/11xxx/CVE-2018-11828.json +++ b/2018/11xxx/CVE-2018-11828.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11828", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile", + "version" : { + "version_data" : [ + { + "version_value" : "SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Uncontrolled Resource Consumption in WLAN" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11846.json b/2018/11xxx/CVE-2018-11846.json index a066d6420bb..683941d82f3 100644 --- a/2018/11xxx/CVE-2018-11846.json +++ b/2018/11xxx/CVE-2018-11846.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11846", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile", + "version" : { + "version_data" : [ + { + "version_value" : "SD 210/SD 212/SD 205, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Exposure in Storage" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11849.json b/2018/11xxx/CVE-2018-11849.json index 773b31f3466..3d945f52162 100644 --- a/2018/11xxx/CVE-2018-11849.json +++ b/2018/11xxx/CVE-2018-11849.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11849", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Copy Without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11850.json b/2018/11xxx/CVE-2018-11850.json index 558e7218789..2ca46ac0061 100644 --- a/2018/11xxx/CVE-2018-11850.json +++ b/2018/11xxx/CVE-2018-11850.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11850", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Copy Without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11853.json b/2018/11xxx/CVE-2018-11853.json index 9b30bd64837..356a2fe2732 100644 --- a/2018/11xxx/CVE-2018-11853.json +++ b/2018/11xxx/CVE-2018-11853.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11853", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Reachable Assertion in WLAN" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11854.json b/2018/11xxx/CVE-2018-11854.json index ba9636bae32..e4b1359fb5b 100644 --- a/2018/11xxx/CVE-2018-11854.json +++ b/2018/11xxx/CVE-2018-11854.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11854", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile", + "version" : { + "version_data" : [ + { + "version_value" : "SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Copy Without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11950.json b/2018/11xxx/CVE-2018-11950.json index 60f39a873ce..e8cba04624f 100644 --- a/2018/11xxx/CVE-2018-11950.json +++ b/2018/11xxx/CVE-2018-11950.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11950", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile", + "version" : { + "version_data" : [ + { + "version_value" : "SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Input Validation in Core" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11951.json b/2018/11xxx/CVE-2018-11951.json index 9d98fe78c0b..9cbbc387732 100644 --- a/2018/11xxx/CVE-2018-11951.json +++ b/2018/11xxx/CVE-2018-11951.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11951", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile", + "version" : { + "version_data" : [ + { + "version_value" : "SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Access Control in Core" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } diff --git a/2018/3xxx/CVE-2018-3588.json b/2018/3xxx/CVE-2018-3588.json index 48f3ff1ead8..a2739a26429 100644 --- a/2018/3xxx/CVE-2018-3588.json +++ b/2018/3xxx/CVE-2018-3588.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-3588", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Access Control in Core." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } diff --git a/2018/5xxx/CVE-2018-5866.json b/2018/5xxx/CVE-2018-5866.json index 18ed6155dcb..53aa81614d3 100644 --- a/2018/5xxx/CVE-2018-5866.json +++ b/2018/5xxx/CVE-2018-5866.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-5866", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Untrusted Pointer Dereference in TrustZone" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } diff --git a/2018/5xxx/CVE-2018-5914.json b/2018/5xxx/CVE-2018-5914.json index 81dcc101a33..1df0a1f47dc 100644 --- a/2018/5xxx/CVE-2018-5914.json +++ b/2018/5xxx/CVE-2018-5914.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-5914", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Validation of Array Index in TZ CORE" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } +