VYPR
High severity7.7NVD Advisory· Published Jul 6, 2018· Updated Jun 17, 2026

CVE-2018-11259

CVE-2018-11259

Description

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition.

Affected products

2
  • Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wearv5
    Range: MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.