CVE-2018-11845
Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.
EPSS 0.05% · 16.4th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| qualcomm | sd_439_firmware | |
| qualcomm | sd_652_firmware | |
| qualcomm | sd_712_firmware | |
| qualcomm | sdm439_firmware | |
| qualcomm | qcs605_firmware | |
| qualcomm | sd_820a_firmware | |
| qualcomm | sd_450_firmware | |
| qualcomm | sd_632_firmware | |
| qualcomm | msm8996au_firmware | |
| qualcomm | sd_636_firmware | |
| qualcomm | sd_835_firmware | |
| qualcomm | sd_427_firmware | |
| qualcomm | sd_410_firmware | |
| qualcomm | sd_850_firmware | |
| qualcomm | sxr1130_firmware | |
| qualcomm | snapdragon_high_med_2016_firmware | |
| qualcomm | sd_425_firmware | |
| qualcomm | sd_210_firmware | |
| qualcomm | mdm9206_firmware | |
| qualcomm | mdm9607_firmware |
…and 21 more
Timeline
- Feb 5, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score