PT-2019-11943 · Qualcomm · Sdm630+21

Publicado

2019-12-18

Atualizado

2019-12-22

CVE-2019-10601

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions (affected versions not specified)

Description The issue is related to out of bound access that can occur while processing firmware events due to a lack of validation of WMI messages received from firmware. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wired Infrastructure and Networking, in specific chipsets such as APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, and SM8150.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Validation of Array Index

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-129

Identificadores relacionados

CVE-2019-10601

Produtos afetados

Apq8096Au

Ipq4019

Ipq8064

Ipq8074

Msm8996Au

Nicobar

Qca6574Au

Qcn7605

Qcs405

Sdm630

Sdm636

Sdm660

Sdm845

Sm6150

Sm7150

Sm8150

Snapdragon Auto

Snapdragon Consumer Electronics Connectivity

Snapdragon Industrial Iot

Snapdragon Mobile

Snapdragon Voice & Music

Snapdragon Wired Infrastructure/Networking

PT-2019-11943 · Qualcomm · Sdm630+21

CVE-2019-10601

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2