Unrated severityNVD Advisory· Published Jul 6, 2018· Updated Sep 17, 2024

CVE-2018-5891

Description

While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear.

Affected products

Qualcomm/Snapdragon Mobilellm-fuzzy
Qualcomm/Snapdragon Wearllm-fuzzy
Qualcomm, Inc./Snapdragon Mobile, Snapdragon Wearv5
Range: MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.qualcomm.com/company/product-security/bulletinsmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000