CVE-2018-11945

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code or cause denial of service via heap overflow in Qualcomm Snapdragon wireless service messaging modules. It affects numerous Snapdragon platforms across automotive, mobile, IoT, wearables, and compute devices when processing broadcast messages.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Consumer Electronics Connectivity
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon IoT
  • Snapdragon Mobile
  • Snapdragon Voice & Music
  • Snapdragon Wearables
Versions: MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
Operating Systems: Android, Linux-based embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with wireless capabilities enabled. The vulnerability is in firmware/baseband components, not application-level software.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Device crash/reboot (denial of service) or limited code execution in wireless service context.

🟢

If Mitigated

With memory protections enabled, the impact is limited to denial of service; full exploitation is prevented.

🌐 Internet-Facing: HIGH - Exploitable via broadcast messages that can be transmitted wirelessly without authentication.
🏢 Internal Only: MEDIUM - Requires proximity or network access, but broadcast messages can propagate within wireless range.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious broadcast messages but no authentication. Heap overflow exploitation typically requires specific memory layout knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm security bulletins for specific platform firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins

Restart Required: Yes

Instructions:

1. Check with the device manufacturer for firmware updates.
2. Apply the Qualcomm-provided firmware patches.
3. Reboot the device.
4. Verify the patch was installed through version checks.

🔧 Temporary Workarounds

Disable vulnerable wireless services
  • Applies to: all
  • Action: Temporarily disable wireless broadcast message processing if it is not required
  • Commands: Device-specific commands vary by platform; consult manufacturer documentation

Network segmentation
  • Applies to: all
  • Action: Isolate affected devices from untrusted networks
  • Commands: Configure firewall rules to restrict wireless broadcast traffic

🧯 If You Can't Patch

  • Deploy network monitoring for anomalous broadcast traffic patterns
  • Implement physical security controls to limit wireless access to devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's affected versions list. Use manufacturer-specific commands to query baseband version.

Check Version:

Device-specific (e.g., Android: 'getprop ro.bootloader' or 'cat /proc/version')

Verify Fix Applied:

Verify firmware version has been updated to patched release. Check Qualcomm security bulletin for fixed versions.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots
  • Wireless service crashes
  • Memory corruption errors in system logs

Network Indicators:

  • Anomalous broadcast message patterns
  • Unexpected wireless protocol traffic

SIEM Query:

Wireless broadcast messages with malformed headers or unusual size parameters
