CVE-2018-11820 | Vulnerability Database | Aqua Security

Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130.

Affected Software

Name	Vendor	Start Version	End Version
Ipq8074_firmware	Qualcomm	- (including)	- (including)

References

http://www.securityfocus.com/bid/106845
https://www.qualcomm.com/company/product-security/bulletins
http://www.securityfocus.com/bid/106845
https://www.qualcomm.com/company/product-security/bulletins

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-11820
CWE	https://cwe.mitre.org/data/definitions/.html