CVE-2019-2309

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20

Description An integer overflow may occur while storing calibrated data from firmware in cache, as the data length received may exceed the real data length. This issue affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Voice & Music.

Recommendations For the affected Qualcomm Snapdragon versions, update to a version that includes a fix for the integer overflow issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.