CVE-2018-5914

Summary

Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Snapdragon Mobile, Snapdragon WearMDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660affected

Weaknesses

  • Improper Validation of Array Index in TZ CORE

ADP Enrichment

CVE Program Container

Additional References

References