CVE-2019-2331

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions MDM9150 through MDM9650 Qualcomm Snapdragon Compute versions QCS405 through QCS605 Qualcomm Snapdragon Consumer IOT versions MDM9150 through MDM9650 Qualcomm Snapdragon Industrial IOT versions MDM9150 through MDM9650 Qualcomm Snapdragon IoT versions MDM9150 through MDM9650 Qualcomm Snapdragon Mobile versions MSM8909W through SD 855 Qualcomm Snapdragon Voice & Music versions MDM9150 through MDM9650 Qualcomm Snapdragon Wearables versions MDM9150 through MDM9650

Description The issue is related to a possible integer overflow due to subtracting two integers without checking if the result would overflow or not. This affects various Qualcomm Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables.

Recommendations For Qualcomm Snapdragon Auto versions MDM9150 through MDM9650, update to a version that includes the fix for the integer overflow issue. For Qualcomm Snapdragon Compute versions QCS405 through QCS605, update to a version that includes the fix for the integer overflow issue. For Qualcomm Snapdragon Consumer IOT versions MDM9150 through MDM9650, update to a version that includes the fix for the integer overflow issue. For Qualcomm Snapdragon Industrial IOT versions MDM9150 through MDM9650, update to a version that includes the fix for the integer overflow issue. For Qualcomm Snapdragon IoT versions MDM9150 through MDM9650, update to a version that includes the fix for the integer overflow issue. For Qualcomm Snapdragon Mobile versions MSM8909W through SD 855, update to a version that includes the fix for the integer overflow issue. For Qualcomm Snapdragon Voice & Music versions MDM9150 through MDM9650, update to a version that includes the fix for the integer overflow issue. For Qualcomm Snapdragon Wearables versions MDM9150 through MDM9650, update to a version that includes the fix for the integer overflow issue.