CVE-2018-13906

🗓️ 14 Jun 2019 17:02:09Reported by qualcommType

The HMAC authentication in multiple Snapdragon platforms is vulnerable to timing side channel analysis, potentially leading to forged application messages

Reporter	Title	Published	Views	Family All 7
Android Security Bulletins	Android Security Bulletin—May 2019Stay organized with collectionsSave and categorize content based on your preferences.	6 May 201900:00	–	androidsecurity
CNVD	Information Disclosure Vulnerability in Multiple Qualcomm Products (CNVD-2019-13771)	9 May 201900:00	–	cnvd
CVE	CVE-2018-13906	14 Jun 201917:02	–	cve
EUVD	EUVD-2018-5840	7 Oct 202500:30	–	euvd
NVD	CVE-2018-13906	14 Jun 201917:29	–	nvd
Prion	Code injection	14 Jun 201917:29	–	prion
RedhatCVE	CVE-2018-13906	22 May 202512:54	–	redhatcve

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130"
      }
    ]
  }
]

Source	Link
qualcomm	www.qualcomm.com/company/product-security/bulletins

14 Jun 2019 17:02Current

9.2High risk

Vulners AI Score9.2

EPSS0.00233