CRITICAL🇵🇱 Wersja polska

CVE-2018-11922

CVSS 9.8v3.1pub. 2024-11-26upd. 2025-01-09

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

🤖 AI Analysis
How it works

Improper configuration of the Touch Pal application causes data regarding user behavior (e.g., keyboard interactions or other system events) to be collected implicitly. The user is not informed about this process nor does he consent to it. The vulnerability affects firmware of selected Qualcomm modem platforms.

Impact

An attacker or unauthorized third party can gain access to data about user behavior, which constitutes a serious breach of privacy and confidentiality. Depending on the scope of collected data, it is possible to disclose sensitive personal information.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with references — Qualcomm security bulletin from May 2018 (https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html). It is recommended to update the firmware of devices based on vulnerable platforms.

Who is affected

Qualcomm MDM9206 Firmware, Qualcomm MDM9607 Firmware, Qualcomm MDM9640 Firmware and corresponding hardware platforms (MDM9206, MDM9607). Specific firmware versions indicated in manufacturer references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Qualcomm 215

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm 215 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Mdm9206

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Mdm9206 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Mdm9607

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Mdm9607 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Mdm9640

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Mdm9640 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Mdm9650

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Mdm9650 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 205

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 205 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 210

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 210 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 212

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 212 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 425

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 425 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 427

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 427 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 429

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 429 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 430

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 430 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 435

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 435 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 439

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 439 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 450

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Sd 450 Firmware

    OS
    Qualcomm
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2017-11076CRITICAL9.8PL ✓ten sam produkt

Qualcomm: Nieprawidłowy dostęp do pamięci przy dekodowaniu VP9 (sprzętowe)

CVE-2017-17772CRITICAL9.8PL ✓ten sam produkt

Qualcomm SD 450/625/820 — odczyt poza granicami bufora w obsłudze ramek 802.11

CVE-2023-43551CRITICAL9.1PL ✓ten sam produkt

Pominięcie uwierzytelnienia w sieciach LTE w modemach Qualcomm

CVE-2023-33030CRITICAL9.3PL ✓ten sam produkt

Memory corruption w HLOS podczas obsługi PlayReady w chipsetach Qualcomm

CVE-2023-22388CRITICAL9.8ten sam produkt

Memory Corruption in Multi-mode Call Processor while processing bit mask API.