安全研究

安全漏洞
多款Qualcomm Snapdragon产品缓冲区溢出漏洞(CVE-2018-11850)

发布日期:2018-10-29
更新日期:2018-10-30

受影响系统:
Qualcomm chipsets SDX20
Qualcomm chipsets SDA660
Qualcomm chipsets SD 850
Qualcomm chipsets SD 845
Qualcomm chipsets SD 835
Qualcomm chipsets SD 820A
Qualcomm chipsets SD 820
Qualcomm chipsets SD 810
Qualcomm chipsets SD 625
Qualcomm chipsets SD 425
Qualcomm chipsets SD 212
Qualcomm chipsets SD 210
Qualcomm chipsets SD 205
Qualcomm chipsets QCA9379
Qualcomm chipsets QCA9377
Qualcomm chipsets QCA6584AU
Qualcomm chipsets QCA6584
Qualcomm chipsets QCA6574AU
Qualcomm chipsets QCA6174A
Qualcomm chipsets MSM8996AU
Qualcomm chipsets MDM9650
Qualcomm chipsets MDM9640
Qualcomm chipsets MDM9607
Qualcomm chipsets MDM9206
描述:
CVE(CAN) ID: CVE-2018-11850

Qualcomm IPQ8074是应用于不同平台的中央处理器(CPU)产品。

多款Qualcomm Snapdragon产品中在处理WMI_START_SCAN_CMDID时,未能对'remaining_len'范围进行检查,在实现中存在缓冲区溢出漏洞。攻击者可利用该漏洞执行任意代码或造成拒绝服务。

<*来源:vendor
  *>

建议:
厂商补丁:

Qualcomm
--------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

https://www.qualcomm.com/company/product-security/bulletins

浏览次数:2483
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障