CVE-2019-2305

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712, SD 710, SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845, SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

Description The issue arises from out of bound access when a reason code is extracted from frame data without validating the frame length. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Voice & Music.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.