How severe is CVE-2018-5913?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2018-5913?

This is classified as CWE-310, which is a common weakness in software security.

CVE-2018-5913 - HIGH Severity | CVSS 7.8

Vulnerability Description

A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Related Vulnerabilities

CVE-2015-9003

HIGH

CVSS:7.8(High)

In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel.

CWE-3102015

CVE-2016-10136

HIGH

CVSS:7.8(High)

An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.syso...

CWE-3102016

CVE-2016-10137

HIGH

CVSS:7.8(High)

CWE-3102016

CVE-2016-10138

HIGH

CVSS:7.8(High)

An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the co...

CWE-3102016

CVE-2016-10139

HIGH

CVSS:7.8(High)

An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysop...

CWE-3102016

CVE-2017-13091

HIGH

CVSS:7.8(High)

The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified pad...

CWE-3102017