CVE-2018-3588

EUVD-2018-15442
There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
qualcommmdm9206_firmware
-
qualcommmdm9607_firmware
-
qualcommmdm9650_firmware
-
qualcommmsm8996au_firmware
-
qualcommsd_210_firmware
-
qualcommsd_212_firmware
-
qualcommsd_205_firmware
-
qualcommsd_820_firmware
-
qualcommsd_820a_firmware
-
qualcommsd_835_firmware
-
qualcommsda660_firmware
-
𝑥
= Vulnerable software versions
References
https://www.qualcomm.com/company/product-security/bulletins
https://www.qualcomm.com/company/product-security/bulletins