CVE-2019-10499

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Mobile versions prior to the fixed version Qualcomm Snapdragon Voice & Music versions prior to the fixed version Qualcomm Snapdragon Wired Infrastructure and Networking versions prior to the fixed version Qualcomm IPQ4019 versions prior to the fixed version Qualcomm IPQ8064 versions prior to the fixed version Qualcomm IPQ8074 versions prior to the fixed version Qualcomm QCS405 versions prior to the fixed version Qualcomm SD 665 versions prior to the fixed version Qualcomm SD 675 versions prior to the fixed version Qualcomm SD 730 versions prior to the fixed version Qualcomm SD 855 versions prior to the fixed version

Description The issue arises from improper validation of read and write index of tx and rx fifos before using them for data copy from fifo, leading to out-of-bound access.

Recommendations For Qualcomm Snapdragon Mobile, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Voice & Music, update to a version that includes the fix for this issue. For Qualcomm Snapdragon Wired Infrastructure and Networking, update to a version that includes the fix for this issue. For Qualcomm IPQ4019, update to a version that includes the fix for this issue. For Qualcomm IPQ8064, update to a version that includes the fix for this issue. For Qualcomm IPQ8074, update to a version that includes the fix for this issue. For Qualcomm QCS405, update to a version that includes the fix for this issue. For Qualcomm SD 665, update to a version that includes the fix for this issue. For Qualcomm SD 675, update to a version that includes the fix for this issue. For Qualcomm SD 730, update to a version that includes the fix for this issue. For Qualcomm SD 855, update to a version that includes the fix for this issue.