CVE-2018-19860: Input Validation
Published May 6, 2019
·Updated
Bluetooth. A memory corruption issue was addressed with improved input validation.
Other sources
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
Credit
CVE-2018-19860
Affected Software
130 affected componentsFixes available
Apple macOS Mojave<10.14.6
10.14.6
Apple High Sierra
Apple Sierra
Google Android
Broadcom Bcm4335c0 Firmware=2012-12-11
Broadcom BCM4335C0
Broadcom Bcm43438a1 Firmware=2014-06-02
Broadcom BCM43438A1
Cypress Cyw20702a1kwfbg Firmware
Cypress Cyw20702a1kwfbg
Cypress Cyw20702a1kwfbgt Firmware
Cypress Cyw20702a1kwfbgt
Cypress Cyw20702b0kwfbg Firmware
Cypress Cyw20702b0kwfbg
Cypress Cyw20702b0kwfbgt Firmware
Cypress Cyw20702b0kwfbgt
Cypress Cyw20703ua1kffb1g Firmware
Cypress Cyw20703ua1kffb1g
Cypress Cyw20703ua1kffb1gt Firmware
Cypress Cyw20703ua1kffb1gt
Cypress Cyw20704ua1kffb1g Firmware
Cypress Cyw20704ua1kffb1g
Cypress Cyw20704ua1kffb1gt Firmware
Cypress Cyw20704ua1kffb1gt
Cypress Cyw20704ua2kffb1g Firmware
Cypress Cyw20704ua2kffb1g
Cypress Cyw20704ua2kffb1gt Firmware
Cypress Cyw20704ua2kffb1gt
Cypress Cyw20705a1kwfbgt Firmware
Cypress Cyw20705a1kwfbgt
Cypress Cyw20705b0kwfbg Firmware
Cypress Cyw20705b0kwfbg
Cypress Cyw20705b0kwfbgt Firmware
Cypress Cyw20705b0kwfbgt
Cypress Cyw20706ua1kffb1g Firmware
Cypress Cyw20706ua1kffb1g
Cypress Cyw20706ua1kffb1gt Firmware
Cypress Cyw20706ua1kffb1gt
Cypress Cyw20706ua1kffb4g Firmware
Cypress Cyw20706ua1kffb4g
Cypress Cyw20706ua2kffb4g Firmware
Cypress Cyw20706ua2kffb4g
Cypress Cyw20706ua2kffb4gt Firmware
Cypress Cyw20706ua2kffb4gt
Cypress Cyw20707a2kubgt Firmware
Cypress Cyw20707a2kubgt
Cypress Cyw20707ua1kffb1g Firmware
Cypress Cyw20707ua1kffb1g
Cypress Cyw20707ua1kffb4g Firmware
Cypress Cyw20707ua1kffb4g
Cypress Cyw20707ua1kffb4gt Firmware
Cypress Cyw20707ua1kffb4gt
Cypress Cyw20707ua2kffb4g Firmware
Cypress Cyw20707ua2kffb4g
Cypress Cyw20707ua2kffb4gt Firmware
Cypress Cyw20707ua2kffb4gt
Cypress Cyw20707va1pkwbgt Firmware
Cypress Cyw20707va1pkwbgt
Cypress Cyw20707va2pkwbgt Firmware
Cypress Cyw20707va2pkwbgt
Cypress Cyw20730a1kfbg Firmware
Cypress Cyw20730a1kfbg
Cypress Cyw20730a1kfbgt Firmware
Cypress Cyw20730a1kfbgt
Cypress Cyw20730a1kml2g Firmware
Cypress Cyw20730a1kml2g
Cypress Cyw20730a1kml2gt Firmware
Cypress Cyw20730a1kml2gt
Cypress Cyw20730a1kmlg Firmware
Cypress Cyw20730a1kmlg
Cypress Cyw20730a1kmlgt Firmware
Cypress Cyw20730a1kmlgt
Cypress Cyw20730a2kfbg Firmware
Cypress Cyw20730a2kfbg
Cypress Cyw20730a2kfbgt Firmware
Cypress Cyw20730a2kfbgt
Cypress Cyw20730a2kml2g Firmware
Cypress Cyw20730a2kml2g
Cypress Cyw20730a2kml2gt Firmware
Cypress Cyw20730a2kml2gt
Cypress Cyw20733a1kfb1gt Firmware
Cypress Cyw20733a1kfb1gt
Cypress Cyw20733a2kfb1g Firmware
Cypress Cyw20733a2kfb1g
Cypress Cyw20733a2kfb1gt Firmware
Cypress Cyw20733a2kfb1gt
Cypress Cyw20733a2kml1g Firmware
Cypress Cyw20733a2kml1g
Cypress Cyw20733a2kml1gt Firmware
Cypress Cyw20733a2kml1gt
Cypress Cyw20733a3kfb1g Firmware
Cypress Cyw20733a3kfb1g
Cypress Cyw20733a3kfb1gt Firmware
Cypress Cyw20733a3kfb1gt
Cypress Cyw20733a3kfb2gt Firmware
Cypress Cyw20733a3kfb2gt
Cypress Cyw20733a3kml1g Firmware
Cypress Cyw20733a3kml1g
Cypress Cyw20733a3kml1gt Firmware
Cypress Cyw20733a3kml1gt
Cypress Cyw20734ua1kffb3g Firmware
Cypress Cyw20734ua1kffb3g
Cypress Cyw20734ua1kffb3gt Firmware
Cypress Cyw20734ua1kffb3gt
Cypress Cyw20734ua2kffb3g Firmware
Cypress Cyw20734ua2kffb3g
Cypress Cyw20734ua2kffb3gt Firmware
Cypress Cyw20734ua2kffb3gt
Cypress Cyw43438kubgt Firmware
Cypress Cyw43438kubgt
Cypress Cyw4343w1kubgt Firmware
Cypress Cyw4343w1kubgt
Cypress Cyw4343wkubgt Firmware
Cypress Cyw4343wkubgt
Cypress Cyw4343wkwbgt Firmware
Cypress Cyw4343wkwbgt
Cypress Cyw4354kkwbgt Firmware
Cypress Cyw4354kkwbgt
Cypress Cyw4354xkubgt Firmware
Cypress Cyw4354xkubgt
Cypress Cyw89071a1cubxgt Firmware
Cypress Cyw89071a1cubxgt
Cypress Cyw89072brfb5g Firmware
Cypress Cyw89072brfb5g
Cypress Cyw89072brfb5gt Firmware
Cypress Cyw89072brfb5gt
Cypress Cyw89335l2cubgt Firmware
Cypress Cyw89335l2cubgt
Cypress Cyw89335lcubgt Firmware
Cypress Cyw89335lcubgt
Event History
May 6, 2019
CVE Published
via Android·12:00 AM
Jun 7, 2019
CVE Published
via MITRE·04:23 PM
Data Sourced
via MITRE·04:23 PM
Description
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2019-8693
- CVE-2019-8656
- CVE-2018-19860
- CVE-2019-9506
- CVE-2020-10135
- CVE-2019-8661
- CVE-2019-8646
- CVE-2019-8660
- CVE-2019-8675
- CVE-2019-8696
- CVE-2019-8539
- CVE-2019-8697
- CVE-2019-8648
- CVE-2019-8663
- CVE-2019-8702
- CVE-2019-8695
- CVE-2019-8691
- CVE-2019-8692
- CVE-2018-16860
- CVE-2019-8694
- CVE-2019-13118
- CVE-2019-8662
- CVE-2019-8670
- CVE-2019-8701
- CVE-2019-8667
- CVE-2019-8657
- CVE-2019-8690
- CVE-2019-8649
- CVE-2019-8658
- CVE-2019-8644
- CVE-2019-8666
- CVE-2019-8669
- CVE-2019-8671
- CVE-2019-8672
- CVE-2019-8673
- CVE-2019-8676
- CVE-2019-8677
- CVE-2019-8678
- CVE-2019-8679
- CVE-2019-8680
- CVE-2019-8681
- CVE-2019-8683
- CVE-2019-8684
- CVE-2019-8685
- CVE-2019-8686
- CVE-2019-8687
- CVE-2019-8688
- CVE-2019-8689
Frequently Asked Questions
1
What is the severity of CVE-2018-19860?
CVE-2018-19860 has a high severity rating due to its potential to allow remote code execution via Bluetooth.
2
How do I fix CVE-2018-19860?
To fix CVE-2018-19860, update the affected Broadcom firmware versions to the latest that address this vulnerability.
3
Which devices are affected by CVE-2018-19860?
CVE-2018-19860 affects certain Broadcom firmware used in devices like the Nexus 5 and Raspberry Pi 3 among others.
4
What kind of issue is CVE-2018-19860 classified as?
CVE-2018-19860 is classified as a memory corruption issue resulting from improper input validation in Bluetooth.
5
When was CVE-2018-19860 disclosed?
CVE-2018-19860 was disclosed in May 2019 as part of the Android security bulletin.