AndroidVulnerabilities.org

CVE-2018-11820

(json)

• CVE numbers: CVE-2018-11820 [Bulletin-CVE-2018-11820]
• Coordinated disclosure?: unknown
• Categories: Qualcomm closed-source components
• Details: Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. [NIST-CVE-2018-11820]
• Discovered by: derrek (@derrekr6) [Discovery-CVE-2018-11820] on: Unknown
• Reported on: 2019-02-01 [Bulletin-CVE-2018-11820]
• Fixed on: Unknown
• Fix released on: 2019-02-05 [Bulletin-CVE-2018-11820]
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: Qualcomm [Bulletin-CVE-2018-11820]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-24