CVE-2018-11982

In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.

Published: 2018-09-20 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2018-11982 is rated Moderate Risk (46.2/100): CVSS High severity, with low exploitation likelihood (EPSS 0.39%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2018-11982

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.08% 0.39% +0.31%
2 2025-03-30 0.29% 0.08% -0.21%
3 2025-03-29 0.29%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2018-11982

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
8.8 3.0 HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:A)
Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.8 5.9 [email protected]
8.3 2.0 HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:A)
Requires access to an adjacent network segment.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 6.5 10.0 [email protected]

Weakness enumeration for CVE-2018-11982

Affected software / configurations for CVE-2018-11982

Vendor Product Version Raw CPE
qualcomm mdm9206_firmware cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
qualcomm mdm9607_firmware cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
qualcomm mdm9635m_firmware cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*
qualcomm mdm9640_firmware cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
qualcomm mdm9645_firmware cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*
qualcomm mdm9655_firmware cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*
qualcomm msm8909w_firmware cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
qualcomm msm8996au_firmware cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
qualcomm sd210_firmware cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
qualcomm sd212_firmware cpe:2.3:o:qualcomm:sd212_firmware:-:*:*:*:*:*:*:*
qualcomm sd205_firmware cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
qualcomm sd410_firmware cpe:2.3:o:qualcomm:sd410_firmware:-:*:*:*:*:*:*:*
qualcomm sd412_firmware cpe:2.3:o:qualcomm:sd412_firmware:-:*:*:*:*:*:*:*
qualcomm sd425_firmware cpe:2.3:o:qualcomm:sd425_firmware:-:*:*:*:*:*:*:*
qualcomm sd427_firmware cpe:2.3:o:qualcomm:sd427_firmware:-:*:*:*:*:*:*:*
qualcomm sd430_firmware cpe:2.3:o:qualcomm:sd430_firmware:-:*:*:*:*:*:*:*
qualcomm sd435_firmware cpe:2.3:o:qualcomm:sd435_firmware:-:*:*:*:*:*:*:*
qualcomm sd450_firmware cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
qualcomm sd615_firmware cpe:2.3:o:qualcomm:sd615_firmware:-:*:*:*:*:*:*:*
qualcomm sd616_firmware cpe:2.3:o:qualcomm:sd616_firmware:-:*:*:*:*:*:*:*
qualcomm sd415_firmware cpe:2.3:o:qualcomm:sd415_firmware:-:*:*:*:*:*:*:*
qualcomm sd617_firmware cpe:2.3:o:qualcomm:sd617_firmware:-:*:*:*:*:*:*:*
qualcomm sd625_firmware cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*
qualcomm sd650_firmware cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
qualcomm sd652_firmware cpe:2.3:o:qualcomm:sd652_firmware:-:*:*:*:*:*:*:*
qualcomm sd810_firmware cpe:2.3:o:qualcomm:sd810_firmware:-:*:*:*:*:*:*:*
qualcomm sd820_firmware cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*
qualcomm sd835_firmware cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*

References for CVE-2018-11982

cvelogic Threat Intelligence