CVE-2018-11952

Summary

An image with a version lower than the fuse version may potentially be booted lead to improper authentication.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonMDM9206affected
Qualcomm, Inc.SnapdragonMDM9607affected
Qualcomm, Inc.SnapdragonMDM9640affected
Qualcomm, Inc.SnapdragonMDM9650affected
Qualcomm, Inc.SnapdragonMSM8909Waffected
Qualcomm, Inc.SnapdragonSD 210/SD 212/SD 205affected
Qualcomm, Inc.SnapdragonSD 425affected
Qualcomm, Inc.SnapdragonSD 430affected
Qualcomm, Inc.SnapdragonSD 450affected
Qualcomm, Inc.SnapdragonSD 615/16/SD 415affected
Qualcomm, Inc.SnapdragonSD 617affected
Qualcomm, Inc.SnapdragonSD 625affected
Qualcomm, Inc.SnapdragonSD 650/52affected
Qualcomm, Inc.SnapdragonSD 810affected
Qualcomm, Inc.SnapdragonSD 820affected
Qualcomm, Inc.SnapdragonSD 820Aaffected
Qualcomm, Inc.SnapdragonSD 835affected
Qualcomm, Inc.SnapdragonSD 845affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References