CVE-2019-10486

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150

Description A race condition exists due to the lack of resource lock which will be concurrently modified in the memcpy statement, leading to out of bound access. This issue affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables.

Recommendations For the affected Qualcomm Snapdragon versions, consider applying a patch to resolve the issue. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider implementing synchronization mechanisms to prevent concurrent modification of resources.