CVE-2018-3591 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2018-3591

Analyzed

More Info Official Page

Source-product-security@qualcomm.com

Published At-11 Apr, 2018 | 15:29

Updated At-03 Oct, 2019 | 00:03

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the default build configuration of deviceprogrammer in BOOT.BF.3.0 enables the flag SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM which will open up the peek and poke commands to any memory location on the target.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Qualcomm Technologies, Inc.

>>mdm9206_firmware>>-

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9607_firmware>>-

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9635m_firmware>>-

cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9650_firmware>>-

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9655_firmware>>-

cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_210_firmware>>-

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_212_firmware>>-

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_205_firmware>>-

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_410_firmware>>-

cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_412_firmware>>-

cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_425_firmware>>-

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_430_firmware>>-

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_450_firmware>>-

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_615_firmware>>-

cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_616_firmware>>-

cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_415_firmware>>-

cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_427_firmware>>-

cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_625_firmware>>-

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_650_firmware>>-

cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_652_firmware>>-

cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_435_firmware>>-

cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sdm630_firmware>>-

cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sdm636_firmware>>-

cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_820_firmware>>-

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_835_firmware>>-

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-1188	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/103671	product-security@qualcomm.com	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2018-04-01	product-security@qualcomm.com	Vendor Advisory