Russian Hacker Pleads Guilty to Bank Fraud

February 25, 2019 TH Author 0 Comments

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability DatabaseCVE-2018-11289
PUBLISHED: 2019-02-25

Data truncation during higher to lower type conversion which causes less memory allocation than desired can leads to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sn…

CVE-2018-11820
PUBLISHED: 2019-02-25

Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Sn…

CVE-2018-11845
PUBLISHED: 2019-02-25

Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrag…

CVE-2018-11864
PUBLISHED: 2019-02-25

Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdra…

CVE-2018-11931
PUBLISHED: 2019-02-25

Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150,…

Leave a Reply Cancel reply