CVE-2019-2294

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions MDM9205 through MDM9655 Qualcomm Snapdragon Compute versions MDM9205 through MDM9655 Qualcomm Snapdragon Connectivity versions MDM9205 through MDM9655 Qualcomm Snapdragon Consumer Electronics Connectivity versions MDM9205 through MDM9655 Qualcomm Snapdragon Consumer IOT versions MDM9205 through MDM9655 Qualcomm Snapdragon Industrial IOT versions MDM9205 through MDM9655 Qualcomm Snapdragon IoT versions MDM9205 through MDM9655 Qualcomm Snapdragon Mobile versions MDM9205 through MDM9655 Qualcomm Snapdragon Voice & Music versions MDM9205 through MDM9655 Qualcomm Snapdragon Wearables versions MDM9205 through MDM9655

Description The usage of a hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without requiring knowledge of the heap algorithm. This issue affects various Qualcomm Snapdragon products, including Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables, in multiple chipsets such as MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon High Med 2016, SXR1130.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.