PT-2017-3959 · Qualcomm · Qualcomm Sd 429+44

Published: 2017-05-29 · Updated: 2021-07-21 · CVE-2019-10529

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Qualcomm Snapdragon Auto versions MDM9150 through MDM9650
Qualcomm Snapdragon Compute versions MDM9150 through MDM9650
Qualcomm Snapdragon Consumer IOT versions MDM9150 through MDM9650
Qualcomm Snapdragon Industrial IOT versions MDM9150 through MDM9650
Qualcomm Snapdragon IoT versions MDM9150 through MDM9650
Qualcomm Snapdragon Mobile versions MDM9150 through MDM9650
Qualcomm Snapdragon Voice & Music versions MDM9150 through MDM9650
Qualcomm Snapdragon Wearables versions MDM9150 through MDM9650
Qualcomm MDM9206
Qualcomm MDM9607
Qualcomm MDM9640
Qualcomm MDM9650
Qualcomm MSM8909W
Qualcomm MSM8996AU
Qualcomm QCS405
Qualcomm QCS605
Qualcomm 215
Qualcomm SD 210/SD 212/SD 205
Qualcomm SD 425
Qualcomm SD 439 / SD 429
Qualcomm SD 450
Qualcomm SD 615/16/SD 415
Qualcomm SD 625
Qualcomm SD 632
Qualcomm SD 636
Qualcomm SD 665
Qualcomm SD 675
Qualcomm SD 712 / SD 710 / SD 670
Qualcomm SD 730
Qualcomm SD 820
Qualcomm SD 820A
Qualcomm SD 835
Qualcomm SD 845 / SD 850
Qualcomm SD 855
Qualcomm SDA660
Qualcomm SDM439
Qualcomm SDM630
Qualcomm SDM660
Qualcomm SDX20
Qualcomm SDX24
Description

The issue is related to a possible use-after-free problem due to a race condition while attempting to mark entry pages as dirty using the set_page_dirty() function. Additionally, there is a vulnerability in the kernel function kgsl_mem_entry_destroy caused by synchronization errors when using a shared resource. This could allow a remote attacker to cause the system to crash.
Recommendations

For Qualcomm Snapdragon Auto, update the software to a version that fixes the synchronization errors in the kgsl_mem_entry_destroy function.
For Qualcomm Snapdragon Compute, restrict access to the shared resource used by the kgsl_mem_entry_destroy function until a patch is available.
For Qualcomm Snapdragon Consumer IOT, consider disabling the set_page_dirty() function as a temporary workaround until a fix is released.
For Qualcomm Snapdragon Industrial IOT, apply configuration changes to minimize the risk of exploitation of the kgsl_mem_entry_destroy vulnerability.
For Qualcomm Snapdragon IoT, avoid using the shared resource used by the kgsl_mem_entry_destroy function until the issue is resolved.
For Qualcomm Snapdragon Mobile, update the kernel to a version that fixes the use-after-free issue in the set_page_dirty() function.
For Qualcomm Snapdragon Voice & Music, restrict access to the kgsl_mem_entry_destroy function until a patch is available.
For Qualcomm Snapdragon Wearables, consider disabling the kgsl_mem_entry_destroy function as a temporary workaround until a fix is released.
For other affected versions, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Use After Free

Race Condition

Weakness Enumeration

Related identifiers

BDU:2020-04531
CVE-2019-10529

Affected products

Qualcomm 215
Qualcomm Mdm9206
Qualcomm Mdm9607
Qualcomm Mdm9640
Qualcomm Mdm9650
Qualcomm Msm8909W
Qualcomm Msm8996Au
Qualcomm Qcs405
Qualcomm Qcs605
Qualcomm Sd 205
Qualcomm Sd 210
Qualcomm Sd 212
Qualcomm Sd 415
Qualcomm Sd 425
Qualcomm Sd 429
Qualcomm Sd 439
Qualcomm Sd 450
Qualcomm Sd 615
Qualcomm Sd 616
Qualcomm Sd 625
Qualcomm Sd 632
Qualcomm Sd 636
Qualcomm Sd 665
Qualcomm Sd 670
Qualcomm Sd 675
Qualcomm Sd 710
Qualcomm Sd 712
Qualcomm Sd 730
Qualcomm Sd 820A
Qualcomm Sd 835
Qualcomm Sd 845
Qualcomm Sd 850
Qualcomm Sd 855
Qualcomm Sdm660
Qualcomm Sdm630
Qualcomm Sdx20
Qualcomm Sdx24
Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Consumer Iot
Qualcomm Snapdragon Industrial Iot
Qualcomm Snapdragon
Qualcomm Snapdragon Mobile
Qualcomm Snapdragon Voice & Music
Qualcomm Snapdragon Wearables