641
VMScore

CVE-2018-13896

Published: 22/07/2019 Updated: 25/07/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qualcomm mdm9206 firmware -

qualcomm mdm9607 firmware -

qualcomm mdm9650 firmware -

qualcomm mdm9655 firmware -

qualcomm msm8996au firmware -

qualcomm qcs404 firmware -

qualcomm qcs605 firmware -

qualcomm qualcomm 215 firmware -

qualcomm sd 410 firmware -

qualcomm sd 412 firmware -

qualcomm sd 425 firmware -

qualcomm sd 427 firmware -

qualcomm sd 430 firmware -

qualcomm sd 435 firmware -

qualcomm sd 439 firmware -

qualcomm sd 429 firmware -

qualcomm sd 450 firmware -

qualcomm sd 625 firmware -

qualcomm sd 632 firmware -

qualcomm sd 636 firmware -

qualcomm sd 712 firmware -

qualcomm sd 710 firmware -

qualcomm sd 670 firmware -

qualcomm sd 820 firmware -

qualcomm sd 820a firmware -

qualcomm sd 835 firmware -

qualcomm sd 845 firmware -

qualcomm sd 850 firmware -

qualcomm sd 855 firmware -

qualcomm sd 8cx firmware -

qualcomm sda660 firmware -

qualcomm sdm439 firmware -

qualcomm sdm630 firmware -

qualcomm sdm660 firmware -

qualcomm snapdragon high med 2016 firmware -

qualcomm sxr1130 firmware -

Recent Articles

It's that time again: Android kicks off June's patch parade with fixes for five hijack holes
The Register • Shaun Nichols in San Francisco • 05 Jun 2019

Updates are on the way… if you have a Google device, at least Titan-ic disaster: Bluetooth blunder sinks Google's 2FA keys, free replacements offered

Google has released its June bundle of security vulnerability patches for Android, with fixes for 22 CVE-listed flaws included. This month's update, including eight critical fixes, includes patches to close up four confirmed remote code execution vulnerabilities. Google says none of the bugs have been targeted in the wild, yet. Those with Google-branded devices like the Pixel phone line will get the update directly from the Chocolate Factory, while others will need to rely on their vendor or car...