Vulnerability Details CVE-2018-13906
The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.0%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
Products affected by CVE-2018-13906
-
cpe:2.3:h:qualcomm:ipq4019:-
-
cpe:2.3:h:qualcomm:ipq8074:-
-
cpe:2.3:h:qualcomm:mdm9150:-
-
cpe:2.3:h:qualcomm:mdm9206:-
-
cpe:2.3:h:qualcomm:mdm9607:-
-
cpe:2.3:h:qualcomm:mdm9635m:-
-
cpe:2.3:h:qualcomm:mdm9640:-
-
cpe:2.3:h:qualcomm:mdm9650:-
-
cpe:2.3:h:qualcomm:mdm9655:-
-
cpe:2.3:h:qualcomm:msm8909w:-
-
cpe:2.3:h:qualcomm:msm8996au:-
-
cpe:2.3:h:qualcomm:qca8081:-
-
cpe:2.3:h:qualcomm:qcs405:-
-
cpe:2.3:h:qualcomm:qcs605:-
-
cpe:2.3:h:qualcomm:qualcomm_215:-
-
cpe:2.3:h:qualcomm:sd_205:-
-
cpe:2.3:h:qualcomm:sd_210:-
-
cpe:2.3:h:qualcomm:sd_212:-
-
cpe:2.3:h:qualcomm:sd_410:-
-
cpe:2.3:h:qualcomm:sd_412:-
-
cpe:2.3:h:qualcomm:sd_415:-
-
cpe:2.3:h:qualcomm:sd_425:-
-
cpe:2.3:h:qualcomm:sd_427:-
-
cpe:2.3:h:qualcomm:sd_429:-
-
cpe:2.3:h:qualcomm:sd_430:-
-
cpe:2.3:h:qualcomm:sd_435:-
-
cpe:2.3:h:qualcomm:sd_439:-
-
cpe:2.3:h:qualcomm:sd_450:-
-
cpe:2.3:h:qualcomm:sd_615:-
-
cpe:2.3:h:qualcomm:sd_616:-
-
cpe:2.3:h:qualcomm:sd_625:-
-
cpe:2.3:h:qualcomm:sd_632:-
-
cpe:2.3:h:qualcomm:sd_636:-
-
cpe:2.3:h:qualcomm:sd_650:-
-
cpe:2.3:h:qualcomm:sd_652:-
-
cpe:2.3:h:qualcomm:sd_670:-
-
cpe:2.3:h:qualcomm:sd_710:-
-
cpe:2.3:h:qualcomm:sd_712:-
-
cpe:2.3:h:qualcomm:sd_820:-
-
cpe:2.3:h:qualcomm:sd_820a:-
-
cpe:2.3:h:qualcomm:sd_835:-
-
cpe:2.3:h:qualcomm:sd_845:-
-
cpe:2.3:h:qualcomm:sd_850:-
-
cpe:2.3:h:qualcomm:sd_855:-
-
cpe:2.3:h:qualcomm:sd_8cx:-
-
cpe:2.3:h:qualcomm:sda660:-
-
cpe:2.3:h:qualcomm:sdm439:-
-
cpe:2.3:h:qualcomm:sdm630:-
-
cpe:2.3:h:qualcomm:sdm660:-
-
cpe:2.3:h:qualcomm:sdx20:-
-
cpe:2.3:h:qualcomm:snapdragon_high_med_2016:-
-
cpe:2.3:h:qualcomm:sxr1130:-
-
cpe:2.3:o:qualcomm:ipq4019_firmware:-
-
cpe:2.3:o:qualcomm:ipq8074_firmware:-
-
cpe:2.3:o:qualcomm:mdm9150_firmware:-
-
cpe:2.3:o:qualcomm:mdm9206_firmware:-
-
cpe:2.3:o:qualcomm:mdm9607_firmware:-
-
cpe:2.3:o:qualcomm:mdm9635m_firmware:-
-
cpe:2.3:o:qualcomm:mdm9640_firmware:-
-
cpe:2.3:o:qualcomm:mdm9650_firmware:-
-
cpe:2.3:o:qualcomm:mdm9655_firmware:-
-
cpe:2.3:o:qualcomm:msm8909w_firmware:-
-
cpe:2.3:o:qualcomm:msm8996au_firmware:-
-
cpe:2.3:o:qualcomm:qca8081_firmware:-
-
cpe:2.3:o:qualcomm:qcs405_firmware:-
-
cpe:2.3:o:qualcomm:qcs605_firmware:-
-
cpe:2.3:o:qualcomm:qualcomm_215_firmware:-
-
cpe:2.3:o:qualcomm:sd_205_firmware:-
-
cpe:2.3:o:qualcomm:sd_210_firmware:-
-
cpe:2.3:o:qualcomm:sd_212_firmware:-
-
cpe:2.3:o:qualcomm:sd_410_firmware:-
-
cpe:2.3:o:qualcomm:sd_412_firmware:-
-
cpe:2.3:o:qualcomm:sd_415_firmware:-
-
cpe:2.3:o:qualcomm:sd_425_firmware:-
-
cpe:2.3:o:qualcomm:sd_427_firmware:-
-
cpe:2.3:o:qualcomm:sd_429_firmware:-
-
cpe:2.3:o:qualcomm:sd_430_firmware:-
-
cpe:2.3:o:qualcomm:sd_435_firmware:-
-
cpe:2.3:o:qualcomm:sd_439_firmware:-
-
cpe:2.3:o:qualcomm:sd_450_firmware:-
-
cpe:2.3:o:qualcomm:sd_615_firmware:-
-
cpe:2.3:o:qualcomm:sd_616_firmware:-
-
cpe:2.3:o:qualcomm:sd_625_firmware:-
-
cpe:2.3:o:qualcomm:sd_632_firmware:-
-
cpe:2.3:o:qualcomm:sd_636_firmware:-
-
cpe:2.3:o:qualcomm:sd_650_firmware:-
-
cpe:2.3:o:qualcomm:sd_652_firmware:-
-
cpe:2.3:o:qualcomm:sd_670_firmware:-
-
cpe:2.3:o:qualcomm:sd_710_firmware:-
-
cpe:2.3:o:qualcomm:sd_712_firmware:-
-
cpe:2.3:o:qualcomm:sd_820_firmware:-
-
cpe:2.3:o:qualcomm:sd_820a_firmware:-
-
cpe:2.3:o:qualcomm:sd_835_firmware:-
-
cpe:2.3:o:qualcomm:sd_845_firmware:-
-
cpe:2.3:o:qualcomm:sd_850_firmware:-
-
cpe:2.3:o:qualcomm:sd_855_firmware:-
-
cpe:2.3:o:qualcomm:sd_8cx_firmware:-
-
cpe:2.3:o:qualcomm:sda660_firmware:-
-
cpe:2.3:o:qualcomm:sdm439_firmware:-
-
cpe:2.3:o:qualcomm:sdm630_firmware:-
-
cpe:2.3:o:qualcomm:sdm660_firmware:-
-
cpe:2.3:o:qualcomm:sdx20_firmware:-
-
cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-
-
cpe:2.3:o:qualcomm:sxr1130_firmware:-