CVE-2019-10544

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions APQ8009 through SM8250 Qualcomm Snapdragon Compute versions APQ8009 through SM8250 Qualcomm Snapdragon Consumer Electronics Connectivity versions APQ8009 through SM8250 Qualcomm Snapdragon Consumer IOT versions APQ8009 through SM8250 Qualcomm Snapdragon Industrial IOT versions APQ8009 through SM8250 Qualcomm Snapdragon IoT versions APQ8009 through SM8250 Qualcomm Snapdragon Mobile versions APQ8009 through SM8250 Qualcomm Snapdragon Voice & Music versions APQ8009 through SM8250 Qualcomm Snapdragon Wearables versions APQ8009 through SM8250

Description The issue arises from an improper length check on the source buffer, which can lead to out-of-bound access in diag handlers. This can potentially affect various Qualcomm Snapdragon products, including Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables.

Recommendations For Qualcomm Snapdragon Auto versions APQ8009 through SM8250, consider disabling the diag handlers until a patch is available. For Qualcomm Snapdragon Compute versions APQ8009 through SM8250, restrict access to the diag handlers to minimize the risk of exploitation. For Qualcomm Snapdragon Consumer Electronics Connectivity versions APQ8009 through SM8250, avoid using the vulnerable diag handlers in the affected products until the issue is resolved. For Qualcomm Snapdragon Consumer IOT versions APQ8009 through SM8250, apply configuration changes to limit the impact of the out-of-bound access. For Qualcomm Snapdragon Industrial IOT versions APQ8009 through SM8250, temporarily disable the vulnerable components until a fix is provided. For Qualcomm Snapdragon IoT versions APQ8009 through SM8250, implement additional security measures to prevent exploitation of the diag handlers. For Qualcomm Snapdragon Mobile versions APQ8009 through SM8250, update the software to a version that includes the fix for the improper length check. For Qualcomm Snapdragon Voice & Music versions APQ8009 through SM8250, restrict the use of the vulnerable diag handlers to prevent out-of-bound access. For Qualcomm Snapdragon Wearables versions APQ8009 through SM8250, consider applying a workaround to mitigate the risk of exploitation until a patch is available.