In Android prior to 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overflow occurs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qualcomm mdm9625_firmware - |
||
qualcomm mdm9635m_firmware - |
||
qualcomm mdm9640_firmware - |
||
qualcomm mdm9645_firmware - |
||
qualcomm mdm9650_firmware - |
||
qualcomm mdm9655_firmware - |
||
qualcomm sd_400_firmware - |
||
qualcomm sd_425_firmware - |
||
qualcomm sd_430_firmware - |
||
qualcomm sd_450_firmware - |
||
qualcomm sd_600_firmware - |
||
qualcomm sd_617_firmware - |
||
qualcomm sd_625_firmware - |
||
qualcomm sd_650_firmware - |
||
qualcomm sd_652_firmware - |
||
qualcomm sd_800_firmware - |
||
qualcomm sd_808_firmware - |
||
qualcomm sd_810_firmware - |
||
qualcomm sd_820_firmware - |
||
qualcomm sd_835_firmware - |
||
qualcomm sd_845_firmware - |
||
qualcomm sdx20_firmware - |
||
qualcomm sd_850_firmware - |
||
qualcomm sd_820a_firmware - |