FKIE_CVE-2018-11816
Vulnerability from fkie_nvd - Published: 2024-11-26 14:15 - Updated: 2026-06-17 01:36
Severity
Summary
Crafted Binder Request Causes Heap UAF in MediaServer
References
Impacted products
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon IoT",
"Snapdragon Mobile",
"Snapdragon Voice \u0026 Music",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "9206 LTE Modem"
},
{
"status": "affected",
"version": "APQ8016"
},
{
"status": "affected",
"version": "APQ8017"
},
{
"status": "affected",
"version": "APQ8039"
},
{
"status": "affected",
"version": "APQ8052"
},
{
"status": "affected",
"version": "APQ8056"
},
{
"status": "affected",
"version": "APQ8076"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR6003"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD820"
},
{
"status": "affected",
"version": "SD821"
},
{
"status": "affected",
"version": "SD835"
}
]
}
],
"source": "product-security@qualcomm.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "9206_lte_modem_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8016_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8016_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8017_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8039_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8039_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8052_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8052_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8056_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8056_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apq8076_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aqt1000_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:ar6003_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ar6003_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd660_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd670_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd670_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd820_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd821_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd821_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sd835_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C2632A-02F2-4C59-AF96-E2C77940360F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:9206_lte_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10A104D-951A-4FA9-938A-1324640A998D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:apq8016_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81301BE5-3FA9-4053-97BC-11A9C10E196D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E79D48-F105-4D64-8C8F-88FE0345F5E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEDA6CA-A0FD-4A72-B856-C8E65AC86902",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D29295A-7183-46BE-B4EE-F891D1C17ED9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:apq8039_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D92D2DA-6F6E-4880-8B60-D921A63F8B1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8039:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33DE4FE6-7125-4624-8876-9A78E68338AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:apq8052_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE1790F-48DF-4426-96D3-E249D09D96BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8052:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DAAA479-0381-43F7-BF03-B21BCBD87EA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:apq8056_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF26A582-CE43-4571-9815-2A789C5B065B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8056:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E30004FD-C2FB-4C77-8489-D7A7EE9A9575",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4CAA77-CC4D-49CF-9696-6C2542B31415",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8076:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E19E8B60-4C5C-4D1C-B9F0-AB1FC1F58949",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6FCE91-BF38-49ED-8FFB-429BAFEE7832",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "715A9F94-5F9E-45E5-B07B-699410C01478",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:ar6003_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D852D3BA-1A2E-4C98-B747-8DA14AC44B1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:ar6003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "140FD423-FAC4-4D2D-BCFF-511E0AE8CE95",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3991C516-4FBE-43D8-835F-413FE45BF73E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sd660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9CF5EBB-B25A-4A76-B522-951F108263CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sd670_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8DA94C-23A0-4C99-9F05-144B9B5224B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sd670:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39E10E22-E7CC-41D6-80F3-030083F45645",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC508C49-0B76-43A8-B2AF-0F8EB989E238",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9665200-D306-4EEB-9F42-6C5963524179",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sd821_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A54F4A3-19E3-4825-98C7-DA632D692A06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sd821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028CD81A-0D9D-40B0-9E2F-DC8689607B24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA605FD-B801-43BB-B52D-879013F7F57E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "908BFD96-0423-4AFC-B8F3-105B2D5B4C73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Crafted Binder Request Causes Heap UAF in MediaServer"
},
{
"lang": "es",
"value": "Solicitud de Binder manipulada provoca UAF en el heap en MediaServer"
}
],
"id": "CVE-2018-11816",
"lastModified": "2026-06-17T01:36:38.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "product-security@qualcomm.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2018-11816",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:50:03.524048Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-11-26T14:15:17.723",
"references": [
{
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
}
],
"sourceIdentifier": "product-security@qualcomm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "product-security@qualcomm.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…