CVE-2019-10536

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions prior to the fixed version Qualcomm Snapdragon Compute versions prior to the fixed version Qualcomm Snapdragon Consumer Electronics Connectivity versions prior to the fixed version Qualcomm Snapdragon Consumer IOT versions prior to the fixed version Qualcomm Snapdragon Industrial IOT versions prior to the fixed version Qualcomm Snapdragon Mobile versions prior to the fixed version Qualcomm Snapdragon Voice & Music versions prior to the fixed version Qualcomm Snapdragon Wired Infrastructure and Networking versions prior to the fixed version

Description A potential double free scenario exists if the driver receives another DIAG EVENT LOG SUPPORTED event from firmware as the pointer is not set to NULL on the first call. This issue affects various Qualcomm Snapdragon products, including Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wired Infrastructure and Networking.

Recommendations For Qualcomm Snapdragon Auto, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Compute, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Consumer Electronics Connectivity, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Consumer IOT, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Industrial IOT, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Mobile, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Voice & Music, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Wired Infrastructure and Networking, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.